Analysis of TR/Spy.SpyEye

less than 1 minute read

avira_logo_red_rgb (2)Avira TechBlog: SpyEye is a malware family which we are monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products.

The Trojan is able to inject code in running processes and can perform the following functions:

  • Capture network traffic
  • Send and receive network packets in order to bypass application firewalls
  • Hide and prevent access to the startup registry entry
  • Hide and prevent access to the binary code
  • Hide the own process on injected processes
  • Steal information from Internet Explorer and Mozilla Firefox

A detailed analysis of this malware by Liviu Serban, Virus Researcher at Avira.

You can read this useful article here: http://techblog.avira.com/2011/03/30/analysis-of-trspy-spyeye/en/


This analysis is also available as download here (PDF).

Leave a comment