Submission Summary:

What's been foundSeverity Level
Creates a startup registry entry.
Contains characteristics of an identified security risk.


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


Possible Security Risk

Threat CategoryDescription
A spyware program that represents security risk for a local system


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonAppData%\ukl\encryptedlogs\%UserName%\log.ukl 879 bytes MD5: 0x954B56332E10C7D0893955E0F8709E59
SHA-1: 0x733AB7C62625751482B421B59AF5D805BDFDF138
(not available)
2 %CommonAppData%\ukl\ukl.cfg 912 bytes MD5: 0x36EF9EABEB27EB07C144656E06C3A65D
SHA-1: 0xB1E3A29667CE9E9CD813A289E86D210A8840FCE6
(not available)
3 %CommonAppData%\uklpr\appface.dll 725,696 bytes MD5: 0xA7C56B14973AFA5114169DC233499C88
SHA-1: 0xD004F08CBAFBB08F376A12C554BD9B9623B07B8F
(not available)
4 %CommonAppData%\uklpr\KLKlMon.dll 915,968 bytes MD5: 0xDE21EC32871B106F297A35D6874079EF
SHA-1: 0xF69709AD72B9876105D5B33E649DA466269EFDEB
Keylog-Ultimate.dll [McAfee]
packed with ASProtect [Kaspersky Lab]
5 %CommonAppData%\uklpr\LICENSE.txt 3,864 bytes MD5: 0x3D9A91EE5200FCB03BBFD199A32B2702
SHA-1: 0x6DF60404E632E519B8BD86D48F3D44C38155EB2E
(not available)
6 %CommonAppData%\uklpr\ui.urf 31,543 bytes MD5: 0xC26986C8D8D4DDA216FA24262D2F8673
SHA-1: 0x7147BAEEA49ABD0F2FEA0B1A235D9971E6D01D42
(not available)
7 %CommonAppData%\uklpr\Ultimate_Keylogger_Website.url 132 bytes MD5: 0x76F1DDEE8AE847B297941A688486EBB0
SHA-1: 0x145413FA01F796275611551D15AB2803FF7D6B88
(not available)
8 %CommonAppData%\uklpr\unukl.exe 107,256 bytes MD5: 0xDF76477A778689EEF83CA89D94732536
SHA-1: 0xC0BE3111C751EED4538D9CEAF883A253892F4AA4
(not available)
9 %CommonAppData%\uklpr\Valla.dll 86,016 bytes MD5: 0x05C789531FAE05E59F985C7AB6C56C3A
SHA-1: 0x6A301D1FC1B77833F712357915184421071AFDD1
(not available)
10 %CommonAppData%\uklpr\wmpusrvc.chm 74,338 bytes MD5: 0x4CD125EAE748861F4CD4F36EE9A67EEA
SHA-1: 0xD961661C33150AE0522EE3FD4D9A2BAAB2BBCC20
(not available)
11 %CommonAppData%\uklpr\wmpusrvc.exe 2,891,776 bytes MD5: 0xB524194A14AAD9184AECC105A00E6C05
SHA-1: 0xC3268105976DBDB82E11BD070B5E1D8A8683B3DF
packed with PE_Patch [Kaspersky Lab]
12 [file and pathname of the sample #1] 3,680,785 bytes MD5: 0xB93D2E2C9CCC44DB06BEA5C8D7EEE71A
SHA-1: 0x3B5670BA26160D94AA866BE6B19C0F33824BAD78
Spyware.UltimateKeylog [Symantec]


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]212,992 bytes


Registry Modifications


Other details

Russian Federation



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.