Spycar


Hoax.Win32.Spycar.a, or Spycar, is a hoax program that runs on Win32 operating systems.

Behavior

Spycar is a spyware program that represents a security risk for a local system. When executed, Spycar displays a message box, as shown below:

[Image: Spycar message box]

The following files were created in the system:

| # | Filename(s) | File Size |
|---|---|---|
| 1 | %Temp%\AlterHostsFile.exe | 10,240 bytes |
| 2 | %Temp%\HKCU_Run.exe | 11,776 bytes |
| 3 | %Temp%\HKCU_RunOnce.exe | 11,776 bytes |
| 4 | %Temp%\HKLM_Run.exe | 11,776 bytes |
| 5 | %Temp%\HKLM_RunOnce.exe | 11,776 bytes |
| 6 | %Temp%\HKLM_RunOnceEx.exe | 11,776 bytes |
| 7 | %Temp%\IE-HomePageLock.exe | 9,728 bytes |
| 8 | %Temp%\IE-KillAdvancedTab.exe | 10,240 bytes |
| 9 | %Temp%\IE-KillConnectionsTab.exe | 10,240 bytes |
| 10 | %Temp%\IE-KillContentTab.exe | 10,240 bytes |
| 11 | %Temp%\IE-KillGeneralTab.exe | 10,240 bytes |
| 12 | %Temp%\IE-KillPrivacyTab.exe | 10,240 bytes |
| 13 | %Temp%\IE-KillProgramsTab.exe | 10,240 bytes |
| 14 | %Temp%\IE-KillSecurityTab.exe | 10,240 bytes |
| 15 | %Temp%\IE-SetHomePage.exe | 10,240 bytes |
| 16 | %Temp%\IE-SetSearchPage.exe | 10,240 bytes |
| 17 | [file and pathname of the sample #1] | 72,128 bytes |

The following new processes were created in the system:

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| HKCU_RunOnce.exe | %Temp%\hkcu_runonce.exe | 20,480 bytes |
| HKLM_Run.exe | %Temp%\hklm_run.exe | 20,480 bytes |
| HKLM_RunOnce.exe | %Temp%\hklm_runonce.exe | 20,480 bytes |
| HKLM_RunOnceEx.exe | %Temp%\hklm_runonceex.exe | 20,480 bytes |
| IE-HomePageLock.exe | %Temp%\ie-homepagelock.exe | 20,480 bytes |
| IE-KillAdvancedTab.exe | %Temp%\ie-killadvancedtab.exe | 20,480 bytes |
| IE-KillConnectionsTab.exe | %Temp%\ie-killconnectionstab.exe | 20,480 bytes |
| IE-KillContentTab.exe | %Temp%\ie-killcontenttab.exe | 20,480 bytes |
| IE-KillGeneralTab.exe | %Temp%\ie-killgeneraltab.exe | 20,480 bytes |
| IE-KillPrivacyTab.exe | %Temp%\ie-killprivacytab.exe | 20,480 bytes |
| IE-KillProgramsTab.exe | %Temp%\ie-killprogramstab.exe | 20,480 bytes |
| IE-KillSecurityTab.exe | %Temp%\ie-killsecuritytab.exe | 20,480 bytes |
| IE-SetHomePage.exe | %Temp%\ie-sethomepage.exe | 24,576 bytes |
| IE-SetSearchPage.exe | %Temp%\ie-setsearchpage.exe | 24,576 bytes |
| AlterHostsFile.exe | %Temp%\alterhostsfile.exe | 20,480 bytes |
| HKCU_Run.exe | %Temp%\hkcu_run.exe | 20,480 bytes |

The following Registry Keys were created:

  • HKEY_CURRENT_USER\Software\Intelguardians
  • HKEY_CURRENT_USER\Software\Intelguardians\Spycar
  • HKEY_CURRENT_USER\Software\Intelguardians\Spycar\Complete
  • HKEY_CURRENT_USER\Software\Intelguardians\Spycar\Pending
