| What's been found | Severity Level |
|---|---|
| Capability to send out email message(s) with the built-in SMTP client engine. | |
| Creates a startup registry entry. | |
| Registers a 32-bit in-process server DLL. | |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | |
| Contains characteristics of an identified security risk. | |

Possible Security Risk

| Threat Category | Description |
|---|---|
| | A spyware program that represents security risk for a local system |

File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %DesktopDir%\PAL - CSS.lnk | 750 bytes | MD5: 0x1B1DD99CEC075D4AD2299C4A12C93964 SHA-1: 0x132FAB0A5B7B7B8FE558DCFE4A15366163724AC9 | (not available) |
| 2 | %System%\PAL\CSS\atl71.dll | 89,088 bytes | MD5: 0x8F2097E8B174F38178570C611464935F SHA-1: 0x86476819229F4BF00F32E5F0969E19C5B61D1B2A | (not available) |
| 3 | %System%\PAL\CSS\cpu.exe | 45,056 bytes | MD5: 0xA7918DAD4F42B9C6A573006449AD0914 SHA-1: 0x9FAE677650261230566C6D34F63A4FCC0E58B23F | Keylog-PAL [McAfee]; Virus.Win32.Rootkit [Ikarus] |
| 4 | %System%\PAL\CSS\CSS - Shareware License.txt | 4,523 bytes | MD5: 0x982A6FAEB5C9EC273BDE5E85D918171D SHA-1: 0xDDFE20584900EF2DC16958D78B1B806977A3A73C | (not available) |
| 5 | %System%\PAL\CSS\explorer.exe | 22,016 bytes | MD5: 0xABAE7E3B0A82C891C6646FF382D67AD5 SHA-1: 0x9AE45A8B46B3ACA54111AA7C2C5E8A6448274903 | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.32 [Kaspersky Lab]; Generic PUP.a [McAfee]; MonitoringTool:Win32/Csysserv [Microsoft]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |
| 6 | %System%\PAL\CSS\IEGuard.dll | 360,448 bytes | MD5: 0x6E18C5CC38A3266277EA411EACC2DE7D SHA-1: 0xCD170FDBF431A36539B58593E8FC8504ED66136C | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; Mal/Generic-A [Sophos]; MonitoringTool:Win32/Csysserv [Microsoft]; MonitoringTool.Win32.Csysserv [Ikarus] |
| 7 | %System%\PAL\CSS\ijl15.dll | 352,256 bytes | MD5: 0x4FC074C3C6CF290BB2C11E5C31C97B27 SHA-1: 0x95A0EA2ECB46FF8424D76D2F3BB9878794F57AE9 | (not available) |
| 8 | %System%\PAL\CSS\klpf.exe | 815,104 bytes | MD5: 0x788BF3443BADE8B86C390F90690783A8 SHA-1: 0x3D572D750605DBD663EFC069AB31347FCE8DB85D | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; MonitoringTool:Win32/Csysserv [Microsoft]; Trojan.SuspectCRC [Ikarus] |
| 9 | %System%\PAL\CSS\log\default\2010_12_01_14_26_50_.txt | 943 bytes | MD5: 0xD3770EDF6C70FFFE8B02F095A2BF911C SHA-1: 0xE2E20374209DDCA80765B4A336FB75B0604A8284 | (not available) |
| 10 | %System%\PAL\CSS\log\%UserName%\2010_12_01_14_26_51_.txt | 815 bytes | MD5: 0x668AA56ABBDD9B9E8C49053602C4BA41 SHA-1: 0x438C2F407A8FB983C054D869BBD16985541F14D8 | (not available) |
| 11 | %System%\PAL\CSS\MFC71.dll | 1,060,864 bytes | MD5: 0xF35A584E947A5B401FEB0FE01DB4A0D7 SHA-1: 0x664DC99E78261A43D876311931694B6EF87CC8B9 | (not available) |
| 12 | %System%\PAL\CSS\MkShort.exe | 12,800 bytes | MD5: 0xA046595A914725C135D85E3CF68B0CC5 SHA-1: 0x1CF137A60FE2AD401417455CE0563A6FACD8ED64 | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; MonitoringTool:Win32/Csysserv [Microsoft]; MonitoringTool [Ikarus] |
| 13 | %System%\PAL\CSS\msvcp71.dll | 499,712 bytes | MD5: 0x561FA2ABB31DFA8FAB762145F81667C2 SHA-1: 0xC8CCB04EEDAC821A13FAE314A2435192860C72B8 | (not available) |
| 14 | %System%\PAL\CSS\msvcr71.dll | 348,160 bytes | MD5: 0x86F1895AE8C5E8B17D99ECE768A70732 SHA-1: 0xD5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA | (not available) |
| 15 | %System%\PAL\CSS\readme!!!.txt | 164 bytes | MD5: 0x6CBBC1FE17647379D4F647EC69B95BC4 SHA-1: 0xB5AA51DFD1D583DD08BF44EBB46ECAD0290FA7EE | (not available) |
| 16 | %System%\PAL\CSS\regsvr32.exe | 10,000 bytes | MD5: 0x86E56792D01380EC4880EC22E4A1BCE6 SHA-1: 0xE4DEFB01B5419C750FEE7095A3A54157561346BB | (not available) |
| 17 | %System%\PAL\CSS\run32dll.exe | 102,400 bytes | MD5: 0x6B90C4FA8ACF03F35642E9ECB5393F4E SHA-1: 0x2C6CECBB295425D8009D53916E5CDF2BDF9EA288 | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.k [Kaspersky Lab]; Generic PWS.y [McAfee]; Mal/Generic-A [Sophos]; MonitoringTool:Win32/Csysserv [Microsoft]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |
| 18 | %System%\PAL\CSS\svchost.exe | 90,112 bytes | MD5: 0x18C63F5100E0CECE87F820A941C47904 SHA-1: 0x9A6FFEAE8C953D26112E5CB45CE7D78705CBDEAB | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.b [Kaspersky Lab]; Generic PUP.a [McAfee]; MonitoringTool:Win32/Csysserv [Microsoft]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |
| 19 | %System%\PAL\CSS\TheHook.dll | 28,672 bytes | MD5: 0x98482CB82C0D207B3D8E83CAEF3255E6 SHA-1: 0x645347A2B20C41642F254924D17E1B49821CC5E1 | Spyware.ComSurveilSys!rem [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.32 [Kaspersky Lab]; Generic PUP.e [McAfee]; MonitoringTool:Win32/Csysserv [Microsoft]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |
| 20 | %System%\PAL\CSS\TheHookXP.dll | 9,216 bytes | MD5: 0x61CF82E79C44EBC67978924848F145C7 SHA-1: 0x0FC2B674DC2ED0E79CECB9FB7E3E55EA9BC9154A | Application.Pal_Computer_Surveillance_System_3.2 [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.32 [Kaspersky Lab]; Generic KeyLog.b [McAfee]; MonitoringTool:Win32/Csysserv [Microsoft]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |
| 21 | %System%\PAL\CSS\Uninstall.exe | 48,939 bytes | MD5: 0x377EA8EE867427F6E27F876140994CFF SHA-1: 0x743D1A212078CED16E20C50E943E7A5D93D0FF08 | (not available) |
| 22 | %System%\PAL\CSS\UNZIP.EXE | 159,744 bytes | MD5: 0xF35B2E2D664167D88280281972D40EE4 SHA-1: 0x3F6B987A8C754442C0A9656B0976FE980F6D07B5 | (not available) |
| 23 | %System%\PAL\CSS\ZIP.EXE | 126,976 bytes | MD5: 0xE3A4B873FDCCC484A4F2C4172949E38B SHA-1: 0x1916DFF9E6CA10F255A1AB9E1FD601CBFB695B12 | (not available) |
| 24 | %System%\PAL\CSS\zip_copyright.txt | 2,460 bytes | MD5: 0xD90138172BC3AE710EA30900FFB3E523 SHA-1: 0xE4B4881C8674C7B333E69D19674BAAFB02BFA59B | (not available) |
| 25 | [file and pathname of the sample #1] | 1,661,631 bytes | MD5: 0xDAC3B051DA602782D0775DD15C28A900 SHA-1: 0x1FBBA9B2D8C40F1CE3777EF229AADC9845B26211 | Application.Pal_Computer_Surveillance_System_3.2 [PCTools]; Spyware.ComSurveilSys [Symantec]; not-a-virus:Monitor.Win32.KeyLog.32, not-a-virus:Monitor.Win32.KeyLog.k, not-a-virus:Monitor.Win32.KeyLog.b [Kaspersky Lab]; Generic PWS.y [McAfee]; not-a-virus:Monitor.Win32.KeyLog [Ikarus] |

Memory Modifications

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| [filename of the sample #1] | [file and pathname of the sample #1] | 3,825,664 bytes |

| Service Name | Display Name | Status | Service Filename |
|---|---|---|---|
| Windows LAN Service Manager | Windows LAN Service Manager | "Running" | %System%\PAL\CSS\svchost.exe |

Registry Modifications

Other details

Ukraine

Russian Federation

Copyright © 2013 ThreatExpert. All rights reserved.