Threat Encyclopedia

Riskware/PassView

Analysis

Riskware/PassView is a generic detection for riskware, synonymous with Generic PUA or Generic PUP. Because this is a generic detection, files detected as Riskware/PassView may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • Files detected as Riskware/PassView fall under the category of password recovery tools and are classified as greyware.

  • These files may potentially compromise or weaken a user's security by displaying the saved passwords and details from certain applications/programs on the user's computer.

  • Depending on the tool, passwords may be recovered from the following applications/programs:
    • Email Clients:
      • Eudora
      • Gmail
      • IncrediMail
      • Hotmail
      • Mozilla Thunderbird
      • Netscape
      • Outlook
    • Web Browsers:
      • Chrome
      • Firefox
      • Internet Explorer
      • Opera
      • Safari

  • Below are the captions of the images of the password recovery tools shown on this page:
    • Figure 1: Password recovery tool for email clients.
    • Figure 2: Password recovery tool for web browser.
    • Figure 3: Password recovery tool for web browser.

  • The following are some of the exact file hashes associated with this detection:
    • Md5: 3e81668df5b7ae38fb883663020454fe
      Sha256: e61bf9bd369c8de2cf56b331b03d14773accc2857c7d52d325c1bf727c7f61ae
    • Md5: 64ce7b9de8918df073c22143a971ef9d
      Sha256: 700c053da68ba071145672e2ddba2a6189e14912ab0501f6bd5108dbdbab6eb4
    • Md5: 1258a816dcd08b85895aecf7140ed2da
      Sha256: 38929e3bf6c539a0c27e6fa10d63168bbbbe551c5b396fb06bc7a4513336f6e3
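As an added example that is not part of this encyclopedia entry, the script below computes both digests of every file under a directory and reports any file whose MD5 or SHA256 matches one of the hashes listed above; the `PASSVIEW_IOCS` table and the function names are my own.

```python
import hashlib
from pathlib import Path

# Hashes listed on this page for Riskware/PassView, keyed by digest type.
PASSVIEW_IOCS = {
    "md5": {
        "3e81668df5b7ae38fb883663020454fe",
        "64ce7b9de8918df073c22143a971ef9d",
        "1258a816dcd08b85895aecf7140ed2da",
    },
    "sha256": {
        "e61bf9bd369c8de2cf56b331b03d14773accc2857c7d52d325c1bf727c7f61ae",
        "700c053da68ba071145672e2ddba2a6189e14912ab0501f6bd5108dbdbab6eb4",
        "38929e3bf6c539a0c27e6fa10d63168bbbbe551c5b396fb06bc7a4513336f6e3",
    },
}

def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests of a file, computed in one chunked pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def match_iocs(md5_hex, sha256_hex, iocs=PASSVIEW_IOCS):
    """Return the digest types whose value appears in the IoC table (empty list if none)."""
    hits = []
    if md5_hex.lower() in iocs["md5"]:
        hits.append("md5")
    if sha256_hex.lower() in iocs["sha256"]:
        hits.append("sha256")
    return hits

def scan_tree(root, iocs=PASSVIEW_IOCS):
    """Return [(path, matched digest types)] for every regular file under root that matches."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            md5_hex, sha256_hex = file_digests(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        hits = match_iocs(md5_hex, sha256_hex, iocs)
        if hits:
            findings.append((path, hits))
    return findings
```

Call `scan_tree("/path/to/check")` and quarantine any path it returns, as the Recommended Action below describes; a different table can be passed as `iocs` when the hash list is updated.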

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
