Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Registers a Winlogon notification package so that the installed module is loaded into the address space of winlogon.exe.
Registers a 32-bit in-process server DLL.

 

Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

 

Memory Modifications

Process NameProcess FilenameMain Module Size
DriverInstaller.exe%ProgramFiles%\KeyScrambler\DriverInstaller.exe147,456 bytes
[generic host process][generic host process filename]20,480 bytes
ns25.tmp%Temp%\nsy1B.tmp\ns25.tmp20,480 bytes
ns28.tmp%Temp%\nsy1B.tmp\ns28.tmp20,480 bytes
ns2F.tmp%Temp%\nsy1B.tmp\ns2F.tmp20,480 bytes
ns32.tmp%Temp%\nsy1B.tmp\ns32.tmp20,480 bytes
KeyScrambler.exe%ProgramFiles%\KeyScrambler\KeyScrambler.exe520,192 bytes
nsA.tmp%Temp%\nsd3.tmp\nsA.tmp20,480 bytes
KeyScramblerPremium_Setup.exe%Temp%\KeyScrambler-Mohamed-ASRAR\KeyScramblerPremium_Setup.exe274,432 bytes
ns10.tmp%Temp%\nsd3.tmp\ns10.tmp20,480 bytes
ns13.tmp%Temp%\nsd3.tmp\ns13.tmp20,480 bytes
ns4.tmp%Temp%\nsd3.tmp\ns4.tmp20,480 bytes
nsD.tmp%Temp%\nsd3.tmp\nsD.tmp20,480 bytes
ns7.tmp%Temp%\nsd3.tmp\ns7.tmp20,480 bytes
keyscramblerlogon.exe%ProgramFiles%\keyscrambler\keyscramblerlogon.exe520,192 bytes
ns1E.tmp%Temp%\nsy1B.tmp\ns1E.tmp20,480 bytes
ns22.tmp%Temp%\nsy1B.tmp\ns22.tmp20,480 bytes
ns2B.tmp%Temp%\nsy1B.tmp\ns2B.tmp20,480 bytes

 

Registry Modifications

 

Other details

Server NameServer PortConnect as UserConnection Password
www.qfxsoftware.com80www.qfxsoftware.comwww.qfxsoftware.com
download.qfxsoftware.com80download.qfxsoftware.comdownload.qfxsoftware.com

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.