WndTest

Description

(Cylance) WndTest is the evolution of the PVZ tool chain into a single executable. The tool chain is minimized down to command and control communications, keystroke logging, and clipboard monitoring. The command and control still supports upgrading, downloading, and executing applications, as well as executing batch scripts. WndTest installs as a service and has been observed attempting to impersonate Adobe Report Service. WndTest starts using PHP servers for its command and control server, some of which are listed as defaced sites.

Names

Name
WndTest

Category

Malware

Type

  • Backdoor
  • Keylogger
  • Info stealer

Information

Malpedia

Other Information

Uuid

a93adfe0-0977-4462-b74b-eefe7ac82ff8

Last Card Change

2020-04-23