All In One Keylogger

Category:	Adware and PUAs	Protection available since:	20 Dec 2011 17:07:52 (GMT)
Type:	Unspecified PUA	Last Updated:	19 Jan 2013 22:57:10 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of All In One Keylogger include:

Example 1

File Information

Size: 156K
SHA-1: 114f181e836c70a0e382d0f3c70b65c6d0337978
MD5: 3827034187f35374d28ea1d3486bce4b
CRC-32: a4a19141
File type: Windows executable
First seen: 2011-12-20

Example 2

File Information

Size: 4.4M
SHA-1: bf06d91c81fddc0e796ea038f55567e452181bf9
MD5: 6f34ae294d8c9e8827e00e65af2b655d
CRC-32: 5e36f5e9
File type: Windows executable
First seen: 2011-12-20

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\is-RE9JH.tmp\_isetup\_shfoldr.dll
c:\Documents and Settings\test user\Local Settings\Temp\is-G53OH.tmp\sample.tmp
c:\Documents and Settings\test user\Local Settings\Temp\is-RE9JH.tmp\_isetup\_RegDLL.tmp
c:\Documents and Settings\test user\Local Settings\Temp\is-RE9JH.tmp\_isetup\_iscrypt.dll

Processes Created

c:\docume~1\support\locals~1\temp\is-g53oh.tmp\sample.tmp

Example 3

File Information

Size: 2.3M
SHA-1: 002c12ab0b9d7d68887ef6e341aa1034d9893ec4
MD5: a04a672326370d0e52a5c45dd8caa265
CRC-32: 9f964429
File type: Windows executable
First seen: 2012-12-07

Runtime Analysis

Registry Keys Created

HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\InprocServer32\2.0.0.0
Class
System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\ProgId
(Default)
System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens
HKLM\SOFTWARE\Licenses
{0AB249BA633C01DE5}
V>□□□□□□□p□□□□□0□□□□□@□□□+□ f□□□□□□□□□□□□□□□□ =□□□□□=□`□□□`□P□□@B□ □□@`□P□□□V□P□□□□□ .□□b□□5□□□□P□□ y□p□□0-□0□□□□□□]□□□□□□□□□□□□□□□□□y□p=□□□□□]□□□□ □□□□□□□□p□□□□□□b□□V□□*□pX□□□□□□□`□□ □□`□□@□□□□□□□□□F□
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\InprocServer32
(Default)
mscoree.dll
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
(Default)
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\InprocServer32\1.0.5000.0
RuntimeVersion
v1.1.4322
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}\InprocServer32\4.0.0.0
Class
System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens
HKCR\CLSID\{C10A8A4D-E8D3-342C-99F9-9F564AE52EDA}
(Default)
System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

All In One Keylogger

Example 1

File Information

Example 2

File Information

Runtime Analysis

Dropped Files

Processes Created

Example 3

File Information

Runtime Analysis

Registry Keys Created

Free Mac Anti-Virus

Popular topics