Wowcraft.c is a trojan that monitors opened windows and steals user login names and passwords related to popular computer games "World of Warcraft" and "The Legend of Mir". Gathered data is transferred to a predefined remote host. Wowcraft.c can also terminate running security-related software and log user keystrokes.
debugprogram.exeexert.exelsass.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun op=percentWindowspercentlsass.exeHKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand(Default)=C:Program FilesInternet Explorerintexplore.com percent1HKEY_LOCAL_MACHINESOFTWAREClasses.exe(Default)=WindowFilesHKEY_LOCAL_MACHINESOFTWAREClasses.exe(Default)=percentWindirpercentexert.exe "percent1" percent*HKEY_LOCAL_MACHINESOFTWAREClassesftpShellOpenCommand(Default)=C:Program FilesInternet Explorerintexplore.com percent1HKEY_LOCAL_MACHINESOFTWAREClasseshtmlfileShellOpenCommand(Default)=C:Program FilesCommon Filesintexplore.pif percent1HKEY_LOCAL_MACHINESOFTWAREClasseshtmlfileShellOpenCommand(Default)=C:Program FilesInternet Explorerintexplore.com -nohomeHKEY_LOCAL_MACHINESOFTWAREClassesHTTPShellOpenCommand(Default)=C:Program FilesCommon Filesintexplore.pif -nohomeHKEY_LOCAL_MACHINESOFTWAREClassesWindowFilesShellOpenCommand(Default)=WindowFilesHKEY_LOCAL_MACHINESOFTWAREClassesWindowFilesShellOpenCommand(Default)=percentWindirpercentexert.exe "percent1" percent*HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetintexplore.pifHKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainCheck_Associations=no