Systweak Spyware Library
Monitoring.ActiveKeyLogger Analysis Report
Threat Submitted On: 6/14/2007 6:35:18 AM
Threat Analysed On: 6/14/2007 11:35:18 AM
Threat Updated On: 1/28/2011 2:12:08 AM
Type : Monitoring
Symptoms of ActiveKeyLogger
  • Captures the activities performed by the user on the system.
  • Captured information is sent to the intruder.
  • The intruder can access the compromised machine in real time.
Information
Alias : Monitor.Win32.ActiveKeyLogger.26
Md5 Hash : 1ee18e3ebda3d752332eefc243b181eb
File Size : 1329241 bytes

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system.
Note: delete the following files to remove the infection.
File: activity keylogger.lnk
Path : %homepath%\desktop

Md5Hash :3c8dc48eee5a9f317a2d6fa21ff88db8 ( 769 bytes)
File: akl help.chm
Path : %programfiles%\active key logger

Md5Hash :f5b58f244a559b4dbd7572370492b9a7 ( 14520 bytes)
File: license.txt
Path : %programfiles%\active key logger

Md5Hash :48c0e8273e83b044150c078dc584bc8c ( 3500 bytes)
File: sys32win.exe
Path : %programfiles%\active key logger

Md5Hash :3b556a8cdbd600f47eb4a2cedd296d49 ( 1011712 bytes)
File: uninstall.exe
Path : %programfiles%\active key logger

Md5Hash :8d19ae4a562cf24b2541ac860ebf8547 ( 50743 bytes)
File: win32pc.dll
Path : %programfiles%\active key logger

Md5Hash :7f01aa482ab8512577370f6b8399035b ( 24064 bytes)
File: achat.dll
Path : %programfiles%\activity keylogger

Md5Hash :277ebde747350ffd0227c054f3dd2399 ( 358912 bytes)
File: help.chm
Path : %programfiles%\activity keylogger

Md5Hash :1210a67c6a021f7457c8267259d843af ( 37939 bytes)
File: is-1qho8.tmp
Path : %programfiles%\activity keylogger

Md5Hash :10bf0fca27222f5ea0abcd034cbc955f ( bytes)
File: is-4qsh4.tmp
Path : %programfiles%\activity keylogger

Md5Hash :( bytes)
File: is-7r1q2.tmp
Path : %programfiles%\activity keylogger

Md5Hash :1210a67c6a021f7457c8267259d843af ( bytes)
File: is-9mgls.tmp
Path : %programfiles%\activity keylogger

Md5Hash :22ac02a2d9fa6dd49f28395b1c487b48 ( bytes)
File: is-apk38.tmp
Path : %programfiles%\activity keylogger

Md5Hash :( bytes)
File: is-bjaqu.tmp
Path : %programfiles%\activity keylogger

Md5Hash :( bytes)
File: is-cdb2o.tmp
Path : %programfiles%\activity keylogger

Md5Hash :15dd539b58a5a7903ad3a06165baa33e ( bytes)
File: is-eo14v.tmp
Path : %programfiles%\activity keylogger

Md5Hash :f8bdb76918172f8c554a1bd73408ea69 ( bytes)
File: is-km5g5.tmp
Path : %programfiles%\activity keylogger

Md5Hash :4d66cb3cb4ed941c3fa52da6dfb391b6 ( bytes)
File: is-ku75b.tmp
Path : %programfiles%\activity keylogger

Md5Hash :8d0baf04409e7aa26236477715f229b7 ( bytes)
File: is-ujs8h.tmp
Path : %programfiles%\activity keylogger

Md5Hash :( bytes)
File: is-2cd9l.tmp
Path : %programfiles%\activity keylogger\log\icons

Md5Hash :024f29e005ac00f2f040760715adde20 ( bytes)
File: unknownicon.bmp
Path : %programfiles%\activity keylogger\log\icons

Md5Hash :024f29e005ac00f2f040760715adde20 ( 1782 bytes)
File: is-aa6jh.tmp
Path : %programfiles%\activity keylogger\log

Md5Hash :c1573693a918605364d301d0696242b4 ( bytes)
File: null.htm
Path : %programfiles%\activity keylogger\log

Md5Hash :c1573693a918605364d301d0696242b4 ( 866 bytes)
File: unins000.dat
Path : %programfiles%\activity keylogger

Md5Hash :114a7815202d6f38b0bb99dabe6e0173 ( 3701 bytes)
File: white.lis
Path : %programfiles%\activity keylogger

Md5Hash :4d66cb3cb4ed941c3fa52da6dfb391b6 ( 32 bytes)
File: active key logger.lnk
Path : %userprofile%\start menu\programs

Md5Hash :f4821335a982904a67f576a1ff319fdf ( 795 bytes)
File: activity keylogger help.lnk
Path : %userprofile%\start menu\programs\activity keylogger

Md5Hash :1f58b2173d27a3a8e9d829bf3ad6a276 ( 709 bytes)
File: activity keylogger.lnk
Path : %userprofile%\start menu\programs\activity keylogger

Md5Hash :72f194003762964789ff5ed27067daae ( 781 bytes)
File: uninstall activity keylogger.lnk
Path : %userprofile%\start menu\programs\activity keylogger

Md5Hash :02bf9452e2d547e4a1a96e969f861a81 ( 749 bytes)
File: akl help.lnk
Path : %userprofile%\start menu\programs

Md5Hash :9f57ba055ba504c12acfada4f1e77416 ( 795 bytes)
File: uninstall.lnk
Path : %userprofile%\start menu\programs

Md5Hash :4dcd7854d2e14038453b2ee228e96adb ( 577 bytes)
File: aikconf.dat
Path : %windir%

Md5Hash :( bytes)
File: is-le8r7.tmp
Path : %windir%

Md5Hash :277ebde747350ffd0227c054f3dd2399 ( bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash :
The following registry values are added to the given registry keys:
Note: delete the added values from the key to remove the infection.
|__ Value Added :
activity = "%programfiles%\activity keylogger\akey.exe"
Creates the following child process(es) on execution:

%systemdrive%\docume~1\antisp~1\locals~1\temp\is-j7fcq.tmp\is-ttvd6.tmp /sl4 $1017e %workingdir%\[random name].exe 1105139 51200 /silent /s /s /qn /sp- /passive -s -s

Moves the following files to the given locations:
Moves: %programfiles%\activity keylogger\is-e4ig7.tmp
To: %programfiles%\activity keylogger\unins000.exe
Moves: %windir%\is-le8r7.tmp
To: %windir%\achat.dll
Moves: %windir%\is-gem3g.tmp
To: %windir%\akeysettings.ini
Moves: %programfiles%\activity keylogger\is-apk38.tmp
To: %programfiles%\activity keylogger\achat.dll
Moves: %programfiles%\activity keylogger\is-4qsh4.tmp
To: %programfiles%\activity keylogger\akeysettings.ini
Moves: %programfiles%\activity keylogger\is-cdb2o.tmp
To: %programfiles%\activity keylogger\akey.exe
Moves: %programfiles%\activity keylogger\is-1qho8.tmp
To: %programfiles%\activity keylogger\hide.dll
Moves: %programfiles%\activity keylogger\is-9mgls.tmp
To: %programfiles%\activity keylogger\license.txt
Moves: %programfiles%\activity keylogger\is-ku75b.tmp
To: %programfiles%\activity keylogger\warning.txt
Moves: %programfiles%\activity keylogger\is-bjaqu.tmp
To: %programfiles%\activity keylogger\systemlog.txt
Moves: %programfiles%\activity keylogger\is-km5g5.tmp
To: %programfiles%\activity keylogger\white.lis
Moves: %programfiles%\activity keylogger\is-ujs8h.tmp
To: %programfiles%\activity keylogger\black.lis
Moves: %programfiles%\activity keylogger\log\icons\is-2cd9l.tmp
To: %programfiles%\activity keylogger\log\icons\unknownicon.bmp
Moves: %programfiles%\activity keylogger\log\is-aa6jh.tmp
To: %programfiles%\activity keylogger\log\null.htm
Moves: %programfiles%\activity keylogger\is-7r1q2.tmp
To: %programfiles%\activity keylogger\help.chm
Moves: %programfiles%\activity keylogger\is-eo14v.tmp
To: %programfiles%\activity keylogger\readme.txt

NOTE:

1. %homepath% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
2. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.
3. %userprofile% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
4. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.
5. %workingdir% refers to the current directory in which the user is working.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious or suspicious subkeys.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.

© Systweak Inc., 1999-2011 All rights reserved.