Published Mar 10, 2015 | Updated Sep 15, 2017
TrojanSpy:Win32/Hesperbot.A
What to do now
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
Get more help
You can also see our advanced troubleshooting page for more help.
If you’re using Windows XP, see our Windows XP end of support page.
Technical information
Threat behavior
Installation
This threat can create files on your PC, including:
The malware uses code injection to make it harder to detect and remove. It can inject code into running processes.
Payload
Collects your sensitive information
This threat can collect your sensitive information without your consent. This can include:
The keys you press
The applications you open
Your web browsing history
Your credit card information
Your user names and passwords
It can also imitate a legitimate website to lure you into revealing your sensitive information.
Additional information
Creates a mutex
This threat can create one or more mutexes on your PC.
It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.
This malware description was published using automated analysis of file SHA1 a57a8eac788b401023fa0712e7450185ccb8b466.
Prevention
Symptoms
The following can indicate that you have this threat on your PC:
You see a file similar to:
The presence of a mutex created by this threat