Win32/Potao [Threat Name]
Win32/Potao.H [Threat Variant Name]
Category: trojan
Short description
Win32/Potao.H is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.
Installation
The trojan does not create any copies of itself.
The trojan is usually part of other malware named Win32/Potao.D.
Information stealing
The trojan collects the following information:
- operating system version
- computer name
- list of computer users
- language settings
- list of files/folders on a specific drive
- file(s) content
- computer IP address
- list of recently opened/executed files
- list of recently visited URLs
- installed antivirus software
- installed program components under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] Registry subkeys
- list of running processes
- video controller type
- CPU information
- USB storage devices information
- screenshots
- logged keystrokes
The trojan collects information related to the following applications:
- Safari
- Windows Live Mail
- Mozilla Thunderbird
- Microsoft Outlook
- Mozilla Firefox
- Opera
- Internet Explorer
- Google Chrome
The trojan attempts to send gathered information to a remote machine.