Troj/Keylog-OO

Category: Viruses and Spyware Protection available since:19 Jan 2013 04:34:59 (GMT)
Type: Trojan Last Updated:19 Jan 2013 04:34:59 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Keylog-OO include:

Example 1

File Information

Size
24K
SHA-1
189db621164eaa4079da7352a692b875af23d036
MD5
2a5f3377da242d230df2a75c7d4b3a1e
CRC-32
3ce4a402
File type
Windows executable
First seen
2013-01-19

Example 2

File Information

Size
1.5M
SHA-1
9a7ec3c084513ff783aec5bfe978f8c52daf4430
MD5
d1a4b371f7ffc14171ee0c8251ce2a7e
CRC-32
7f30267f
File type
Windows executable
First seen
2013-01-18

Runtime Analysis

Dropped Files
  • C:\Program Files\Khfmv\Psplhau.dat
    Size
    57
    SHA-1
    a0fce339a52db49870842420f7aae931747a4551
    MD5
    2416c87b9301e3d8142c9ef1d3e3a311
    CRC-32
    0ab92218
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-19
  • C:\Program Files\Khfmv\Psplhau.exe
    Size
    1.4M
    SHA-1
    c5a09c127703804c8e64adda954c668298927e6d
    MD5
    2098c895549c7f49009612fe876e8088
    CRC-32
    6f940641
    File type
    Windows executable
    First seen
    2013-01-19
  • C:\Program Files\Khfmv\ac.dll
    Size
    24K
    SHA-1
    189db621164eaa4079da7352a692b875af23d036
    MD5
    2a5f3377da242d230df2a75c7d4b3a1e
    CRC-32
    3ce4a402
    File type
    Windows executable
    First seen
    2013-01-19
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Giygsu
    "C:\Program Files\Khfmv\Psplhau.exe"
Processes Created
  • c:\program files\khfmv\psplhau.exe
DNS Requests
  • smtp.gmail.com

Example 3

File Information

Size
1.4M
SHA-1
c5a09c127703804c8e64adda954c668298927e6d
MD5
2098c895549c7f49009612fe876e8088
CRC-32
6f940641
File type
Windows executable
First seen
2013-01-19

download Try Sophos products for free
Download now