Submission Summary:

What's been foundSeverity Level
Contains characteristics of an identified security risk.


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


Possible Security Risk

Security RiskDescription
Spyware.EliteKeylogger!sd5 Spyware.EliteKeylogger!sd5 is a spyware program that monitors internet activity and users browsing habits.
Application.Elite_Keylogger Elite Keylogger is a monitoring software from 'Widestep Keyloggers Software'. It runs in stealth mode and captures all keystrokes (i.e. everything that is typed), including information about all applications used, all conversations, emails, websites visited, clipboard data etc. It can take snapshots of the system at regular time intervals. It has the ability to save the log files in encrypted format and send them to the email address specified by the person who installed it. Removal of this software is advisable if not installed for a purpose.

Threat CategoryDescription
A spyware program that represents security risk for a local system


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %System%\gdisvr.exe 2,224,128 bytes MD5: 0x1CCBCF8EE2EBFF7A0BC2B0B703D8731A
SHA-1: 0x4B05567225CBB85310D30379CE3167AF88713AB2
Spyware.EliteKeylogger!sd5 [PCTools]
Spyware.EliteKeylogger [Symantec]
Trojan-Dropper.Win32.VB.ts [Ikarus]
packed with Armadillo [Kaspersky Lab]
2 %System%\hgfsnt.sys 16,896 bytes MD5: 0x95FED28113B2B8BD0E915D7E820F23DE
SHA-1: 0xED78B1B40FC32555BBA8EF53B200CB1F566FD772
Spyware.EliteKeylogger!sd5 [PCTools]
Spyware.EliteKeylogger [Symantec]
not-a-virus:Monitor.Win32.EliteKeylogger.30 [Kaspersky Lab]
Keylog-Elt [McAfee]
not-a-virus:Monitor.Win32.EliteKeylogger.30 [Ikarus]
3 %System%\kbdn32.dll 118,784 bytes MD5: 0xB5EA5AA8945CEDD1C7517EB3079EE82E
SHA-1: 0x18EC901025DCDADA6AA300061E073B127589529A
Spyware.EliteKeylogger!sd5 [PCTools]
Spyware.EliteKeylogger [Symantec]
not-a-virus:Monitor.Win32.EliteKeylogger.a [Kaspersky Lab]
Virus.Win32.Agent.TBL [Ikarus]
4 %System%\netbex.sys 20,480 bytes MD5: 0xE29ED26DD319B791D327930B9E10F675
SHA-1: 0x5D64D3F21C5AF132353777090120C81110576CC2
Spyware.EliteKeylogger!sd5 [PCTools]
Spyware.EliteKeylogger [Symantec]
5 %System%\nikedr2k.sys 462,080 bytes MD5: 0xEB4966F42C15186828E12951C6231125
SHA-1: 0xD8E2E5899D125A6D93799473885EFA5B1D487E30
Spyware.EliteKeylogger!sd5 [PCTools]
Spyware.EliteKeylogger [Symantec]
not-a-virus:Monitor.Win32.EliteKeylogger.21 [Kaspersky Lab]
not-a-virus:Monitor.Win32.EliteKeylogger.21 [Ikarus]
6 [file and pathname of the sample #1] 3,866,347 bytes MD5: 0xC05D7BE80FAC4166BCBB7D3D7729D425
SHA-1: 0x6AB4CD74AFACBBBA764AC5EE1948972F96AB416A
Application.Elite_Keylogger [PCTools]
Spyware.EliteKeylogger [Symantec]
not-a-virus:Monitor.Win32.EliteKeylogger.a, not-a-virus:Monitor.Win32.EliteKeylogger.21, not-a-virus:Monitor.Win32.EliteKeylogger.30 [Kaspersky Lab]
Virus.Win32.Spyware [Ikarus]


Memory Modifications

Process NameProcess FilenameMain Module Size
gdisvr.exe%System%\gdisvr.exe6,385,664 bytes
[filename of the sample #1][file and pathname of the sample #1]3,895,296 bytes


Registry Modifications


Other details



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.