ThreatExpert Report

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 19 August 2012, 04:18:07
Processing time: 8 min 39 sec
Submitted sample:

File MD5: 0xDF3E3E50189B6227277E6248F55A3DA0
File SHA-1: 0x961F5BFDCE4E112A8C9F63FF7D116C9AC7938FF0
Filesize: 2,010,488 bytes

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonPrograms%\Installation.net Software\AntiKeylogger\AntiKeylogger Help.lnk	933 bytes	MD5: 0x5CA7F1EAEFE30E2AE47EB9635140613F SHA-1: 0xA0D1E4B3261A9555CA88EA45A9187A91D3F9D3A3
2	%CommonPrograms%\Installation.net Software\AntiKeylogger\AntiKeylogger.lnk	982 bytes	MD5: 0x4966E2810393C04CE1C45C71A1AB77B1 SHA-1: 0xF1C9642463F5930417564FD49263A4AC3296A33A
3	%CommonPrograms%\Installation.net Software\AntiKeylogger\Startup Config.lnk	992 bytes	MD5: 0xF88C65A021C3594EDACB676B9354E35A SHA-1: 0xC8EF982F3964F5D73FDDED8DA469CBABEFCEC2DF
4	%CommonPrograms%\Installation.net Software\AntiKeylogger\Uninstall.lnk	957 bytes	MD5: 0x3D6D566F1ABC83D337843CA5EFC5A0C4 SHA-1: 0xF7C997F3AD93C46C98839D8AE92E4DC50D0004E3
5	%DesktopDir%\AntiKeylogger.lnk %StartMenu%\AntiKeylogger.lnk	860 bytes	MD5: 0x1ADD28D423DFF28E08CB16CA53518343 SHA-1: 0xE2B4641EBA979B4B979CF1027CF59C83890E9FF5
6	%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiHook.dll	170,056 bytes	MD5: 0x795E349DFE880859FEA11AB45C308944 SHA-1: 0x54DD2BCB695125AFAB0E7DA0902FF1FED0491889
7	%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeylogger.exe	1,204,816 bytes	MD5: 0xDF525A1190DCE99F07A174C4E2876FA1 SHA-1: 0xD70332DFB15C826F33143B28AAA3D59F8D3FD199
8	%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeyloggerService.exe	508,000 bytes	MD5: 0x2C35ADC6545304677E2DDF15EE028354 SHA-1: 0xF8C70DD2DD4F95B5975AAE2EF737FEDA01F19FAE
9	%ProgramFiles%\Installation.net Software\AntiKeylogger\CheckProcess.exe	723,536 bytes	MD5: 0x5892E6532648ED8B95695416D06FE6A5 SHA-1: 0x161444D708211BE975A6B210C55355812E874CC3
10	%ProgramFiles%\Installation.net Software\AntiKeylogger\data.xml	5,440 bytes	MD5: 0xB61D66FC8B4FC617986B51556D2DA97E SHA-1: 0x9D9557E7D6934CA9B9FD102D272915E76523210B
11	%ProgramFiles%\Installation.net Software\AntiKeylogger\getProcesses.dll	94,800 bytes	MD5: 0xCACFCAE6886AEC9187DF73B4A22AEBB3 SHA-1: 0xD98B2C826B0FA5D3F3FD8FE28B4B11102942DEF0
12	%ProgramFiles%\Installation.net Software\AntiKeylogger\help.chm	19,415 bytes	MD5: 0x7171F2D4A9CE3DF77F34F30630EC7AEA SHA-1: 0x75C700F8A12DAA6C3F7EC889D333A7A4890EA80F
13	%ProgramFiles%\Installation.net Software\AntiKeylogger\md5.dll	93,248 bytes	MD5: 0x52CDF44A263CCE5BD23591E412E877E5 SHA-1: 0x1129AC5C5AC2BF7B8D1EABD9E30D0854F9EBB601
14	%ProgramFiles%\Installation.net Software\AntiKeylogger\SendMessages.exe	43,600 bytes	MD5: 0xC918BD69A522BB52360878154EF92605 SHA-1: 0x9863A9B0E31AFEBCFDC39F13896B626122A3631E
15	%ProgramFiles%\Installation.net Software\AntiKeylogger\StartupConfig.exe	844,376 bytes	MD5: 0x77AEDA8947147072B22094F186CF41A9 SHA-1: 0x09795E62C41AEA0F6D39557FCD557867EE3FC5D1
16	%ProgramFiles%\Installation.net Software\AntiKeylogger\unins000.dat	5,044 bytes	MD5: 0x4FB3DD1F42CAED300659B4B2AA5E35B8 SHA-1: 0x08FC5DF0588F53976E41939A9669B56FA1FAC416
17	%ProgramFiles%\Installation.net Software\AntiKeylogger\unins000.exe	781,146 bytes	MD5: 0x7D6573AE03BDE53E40FF1265D35AAAB8 SHA-1: 0xE574317253E5F2D401CBFF1B306679E6F3F73795
18	[file and pathname of the sample #1]	2,010,488 bytes	MD5: 0xDF3E3E50189B6227277E6248F55A3DA0 SHA-1: 0x961F5BFDCE4E112A8C9F63FF7D116C9AC7938FF0

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%StartMenu% is a variable that refers to the file system directory containing Start menu items. A typical path is C:\Documents and Settings\[UserName]\Start Menu.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonPrograms%\Installation.net Software
%CommonPrograms%\Installation.net Software\AntiKeylogger
%ProgramFiles%\Installation.net Software
%ProgramFiles%\Installation.net Software\AntiKeylogger
%ProgramFiles%\Installation.net Software\AntiKeylogger\backup
%ProgramFiles%\Installation.net Software\AntiKeylogger\skins

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
CheckProcess.exe	%ProgramFiles%\Installation.net Software\AntiKeylogger\CheckProcess.exe	782,336 bytes
sendmessages.exe	%ProgramFiles%\installation.net software\antikeylogger\sendmessages.exe	69,632 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	167,936 bytes
[filename of the sample #1 without extension].tmp	%Temp%\is-KKEPV.tmp\[filename of the sample #1 without extension].tmp	831,488 bytes
AntiKeyloggerService.exe	%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeyloggerService.exe	557,056 bytes
antikeylogger.exe	%ProgramFiles%\installation.net software\antikeylogger\antikeylogger.exe	1,273,856 bytes

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

There was a new service created in the system:

Service Name	Display Name	Status	Service Filename
AntiKeylogger	Anti Keylogger	"Running"	%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeyloggerService.exe

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F9796EC3-D5B9-47E8-BA62-5ED6269433C0}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\CompleteAntiKeyLogger
HKEY_LOCAL_MACHINE\SOFTWARE\CompleteAntiKeyLogger\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\CompleteAntiKeyLogger\SpyPro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger\Enum
HKEY_CURRENT_USER\CLSID
HKEY_CURRENT_USER\CLSID\{F9796EC3-D5B9-47E8-BA62-5ED6269433C0}
HKEY_CURRENT_USER\CLSID\{F9796EC3-D5B9-47E8-BA62-5ED6269433C0}\Info

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F9796EC3-D5B9-47E8-BA62-5ED6269433C0}_is1]

Inno Setup: Setup Version = "5.2.3"
Inno Setup: App Path = "%ProgramFiles%\Installation.net Software\AntiKeylogger"
InstallLocation = "%ProgramFiles%\Installation.net Software\AntiKeylogger\"
Inno Setup: Icon Group = "Installation.net Software\AntiKeylogger"
Inno Setup: User = "%UserName%"
Inno Setup: Selected Tasks = "quicklaunchicon,desktopicon,startmenuicon"
Inno Setup: Deselected Tasks = "startupicon"
DisplayName = "AntiKeylogger 1.0"
UninstallString = ""%ProgramFiles%\Installation.net Software\AntiKeylogger\unins000.exe""
QuietUninstallString = ""%ProgramFiles%\Installation.net Software\AntiKeylogger\unins000.exe" /SILENT"
URLInfoAbout = "http://www.installation.net/"
HelpLink = "http://www.installation.net/"
URLUpdateInfo = "http://www.installation.net/"
NoModify = 0x00000001
NoRepair = 0x00000001
InstallDate = "20120819"

[HKEY_LOCAL_MACHINE\SOFTWARE\CompleteAntiKeyLogger\SpyPro]

%System%\msvcrt42.dll = "A:HH:2012/08/19-04.18.45:ENABLE"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "AntiKeylogger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER\0000]

Service = "AntiKeylogger"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Anti Keylogger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIKEYLOGGER]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger\Enum]

0 = "Root\LEGACY_ANTIKEYLOGGER\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiKeylogger]

Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeyloggerService.exe"
DisplayName = "Anti Keylogger"
ObjectName = "LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "AntiKeylogger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER\0000]

Service = "AntiKeylogger"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "Anti Keylogger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIKEYLOGGER]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger\Enum]

0 = "Root\LEGACY_ANTIKEYLOGGER\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiKeylogger]

Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%ProgramFiles%\Installation.net Software\AntiKeylogger\AntiKeyloggerService.exe"
DisplayName = "Anti Keylogger"
ObjectName = "LocalSystem"

[HKEY_CURRENT_USER\CLSID\{F9796EC3-D5B9-47E8-BA62-5ED6269433C0}\Info]

Data = 00 05 00 00 00 BC FA 12 00 51 05 91 7C A4 FB 12 00 18 EE 90 7C 70 05 91 7C FF FF FF FF 6D 05 91 7C 62 19 91 7C 93 19 91 7C 80 C0 97 7C 70 19 91 7C 78 60 19 00 38 00 00 00 C4 3D 15 00 00 F0 FD 7F 8C FB 12 00 DF A5 46 00 E8 FB 12 00 18 EE 90 7C 78 19 9

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.