Win32/Caphaw [Threat Name] go to Threat

Win32/Caphaw.N [Threat Variant Name]

Category trojan
Size 3717121 B
Aliases Trojan:Win32/Caphaw.A (Microsoft)
  Infostealer (Symantec)
  Win32:Caphaw-V (Avast)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


The trojan does not create any copies of itself.

The trojan is usually a part of other malware.

Information stealing

Win32/Caphaw.N is a trojan that steals sensitive information.

The trojan collects the following information:

  • FTP account information
  • login user names for certain applications/services
  • login passwords for certain applications/services
  • e-mail accounts data

The following programs are affected:

  • 32bit FTP
  • AceFTP
  • Auto FTP Manager
  • Bitkinex
  • BlueZone Secure FTP
  • BulletProof FTP
  • Classic FTP
  • Core FTP
  • CuteFTP
  • DirectFTP
  • Directory Opus
  • EmFTP
  • ExpanDrive
  • Far Manager
  • FileZilla
  • FlashFXP
  • Fling FTP
  • Frigate
  • FTP Commander
  • FTP Control
  • FTP Explorer
  • FTP Now
  • FTP Rush
  • FTP Surfer
  • FTP Voyager
  • Microsoft Outlook
  • NetDrive
  • SecureFX
  • SmartFTP
  • SoftX FTP Client
  • The Bat!
  • Total Commander
  • TurboFTP
  • UltraFXP
  • Web Site Publisher
  • WebDrive FTP Client
  • WinSCP
  • WS_FTP

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (2) URLs. The HTTP, TCP, ICMP protocol is used.

The trojan checks for Internet connectivity by trying to connect to the following addresses:


The trojan can be used to gain full access to the compromised computer.

The trojan serves as a proxy server.

The trojan hooks the following Windows APIs:

  • BeginPaint (user32.dll)
  • CallWindowProcA (user32.dll)
  • CallWindowProcW (user32.dll)
  • CreateProcessA (kernel32.dll)
  • CreateProcessAsUserW (kernel32.dll)
  • CreateProcessW (kernel32.dll)
  • DefDlgProcA (user32.dll)
  • DefDlgProcW (user32.dll)
  • DefMDIChildProcA (user32.dll)
  • DefMDIChildProcW (user32.dll)
  • DefWindowProcA (user32.dll)
  • DefWindowProcW (user32.dll)
  • EndPaint (user32.dll)

Please enable Javascript to ensure correct displaying of this content and refresh this page.