Win32/Chip [Threat Name]

Win32/Chip.A [Threat Variant Name]

Category: trojan
Size: 22064 B
Aliases: Trojan-GameThief.Win32.Tibia.bwr (Kaspersky), PWS-Tibia (McAfee)

Short description

Win32/Chip.A is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.

Installation

When executed, the trojan copies itself into the folder:

  • %windir%

with the following file names:

  • lsass.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "lsass.exe" = "%windir%\lsass.exe"
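
A defender-side check for the persistence described above, as an added example that is not part of the original description: it flags Run-key values whose executable is named lsass.exe but sits outside %windir%\System32, where the genuine file resides. The function names, the sample environment and the sample Run values are constructed for illustration.

```python
import ntpath
import re

# Name the page says the trojan copies itself under; the genuine binary
# with this name lives in %windir%\System32, not directly in %windir%.
IMPERSONATED = {"lsass.exe"}

def expand(value, env):
    """Expand %VAR% references case-insensitively from env (lowercase keys)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), value)

def image_path(command, env):
    """Extract the executable path from a Run-key command line."""
    command = expand(command.strip(), env)
    if command.startswith('"'):                   # quoted path, maybe with args
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)  # unquoted path, maybe with args
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_run_entries(entries, env):
    """Return (value name, path) for impersonated names outside System32."""
    system32 = ntpath.normcase(ntpath.join(env["windir"], "System32"))
    hits = []
    for name, command in entries.items():
        path = ntpath.normpath(image_path(command, env))
        folder = ntpath.normcase(ntpath.dirname(path))
        if ntpath.basename(path).lower() in IMPERSONATED and folder != system32:
            hits.append((name, path))
    return hits

# Constructed sample data: the first value is the one described on the page,
# the others are made-up benign entries.
SAMPLE_ENV = {"windir": r"C:\Windows"}
SAMPLE_RUN = {
    "lsass.exe": r"%windir%\lsass.exe",
    "ExampleTray": r"%windir%\System32\exampletray.exe",
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
}

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE_RUN, SAMPLE_ENV):
        print(f"suspicious Run value {name!r} -> {path}")
```

On a live system the `entries` mapping would be filled from the Run key named above instead of the constructed sample.
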

Information stealing

Win32/Chip.A is a trojan that steals account names and passwords for the following online games:

  • Tibia

The trojan contains a list of IP addresses (1 entry).

The trojan can send the information to a remote machine. The HTTP protocol is used.

Other information

If it succeeds, the trojan removes itself from the computer.
