PWS:MSIL/Kelopol.B is a trojan password stealer. It captures user and system information and sends this data to an attacker via SMTP email.
PWS:MSIL/Kelopol.B may be installed by other malware.
Captures & sends sensitive information
When run, it captures user and system information such as the following:
- computer name
- user login name
- list of applications in use
- list of web services running with hashes of each
Collected data is then sent via SMTP email to a Gmail user account named "rifai1".
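A defender can look for the exfiltration channel described above by flagging SMTP connections made by programs that are not approved mail clients. The following is an added example, not part of the original write-up; the log format, host names, file paths, destination hosts and allowlist are all constructed assumptions.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTP over TLS, mail submission

# Assumption: full paths of programs expected to speak SMTP on this estate.
# Matching the full path means a same-named file elsewhere is still flagged.
ALLOWED_MAILERS = {r"c:\program files\microsoft office\outlook.exe"}

# Constructed sample records: time|host|process image|destination|port
SAMPLE_LOG = """\
2024-01-05T09:12:01Z|WS-014|C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE|smtp.example.org|587
2024-01-05T09:13:44Z|WS-014|C:\\Users\\user\\AppData\\Roaming\\sample.exe|smtp.gmail.com|587
2024-01-05T09:14:02Z|WS-022|C:\\Windows\\System32\\svchost.exe|update.example.net|443
malformed line without separators
2024-01-05T09:20:10Z|WS-014|C:\\Users\\user\\AppData\\Roaming\\sample.exe|smtp.gmail.com|465
"""


def parse(line):
    """Split one record into fields; return None for malformed input."""
    parts = line.strip().split("|")
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, host, image, dest, port = parts
    return {"ts": ts, "host": host, "image": image, "dest": dest, "port": int(port)}


def unexpected_smtp(log_text):
    """Return {(host, image): [(ts, dest, port), ...]} for SMTP egress
    from any program that is not on the mail-client allowlist."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["port"] not in SMTP_PORTS:
            continue
        if rec["image"].lower() in ALLOWED_MAILERS:
            continue
        findings[(rec["host"], rec["image"])].append((rec["ts"], rec["dest"], rec["port"]))
    return dict(findings)


if __name__ == "__main__":
    for (host, image), hits in unexpected_smtp(SAMPLE_LOG).items():
        print(f"{host}: {image} made {len(hits)} SMTP connection(s): {hits}")
```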
The trojan contains the following string, which is never displayed:
"Based off of the polymorphic keylogger tutorial written by <name redacted>"
Analysis by Haoran Yu & Patrick Nolan
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.