| What's been found | Severity Level |
|---|---|
| Contains characteristics of an identified security risk. | |

Possible Security Risk

| Threat Category | Description |
|---|---|
| | A keylogger program that can capture all user keystrokes (including confidential details such as username, password, credit card number, etc.) |

File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %Temp%\windows\TEMP\00000000.rma | 833 bytes | MD5: 0x62F592E717A15D878D4CCAFD684C8803 SHA-1: 0x1304C92DD421C98A741E87C590430FE5A489C411 | (not available) |
| 2 | %Temp%\windows\TEMP\00000000.urm, %Temp%\windows\TEMP\00000001.urm, %Temp%\windows\TEMP\00000002.urm, %Temp%\windows\TEMP\00000004.urm, %Temp%\windows\TEMP\00000006.urm, %Temp%\windows\TEMP\00000007.urm, %Temp%\windows\TEMP\00000008.urm | 55 bytes | MD5: 0x830A8177111CD99AB3119CB37CE105E7 SHA-1: 0x83877912F2F228D3D205F82AFECEF9DA40805D9B | (not available) |
| 3 | %Temp%\windows\TEMP\00000001.rma | 825 bytes | MD5: 0x9678A6E33C794BC1CB48C6BA777BCCF8 SHA-1: 0xF282A6D39457608356FB22625AFF1431EC24535D | (not available) |
| 4 | %Temp%\windows\TEMP\00000002.rma | 829 bytes | MD5: 0xEAFECF8840DE2C9AC0C257CC85FE00C0 SHA-1: 0x6B802F0B4F8A6CBC965FE205B27C7AACF9D66A1A | (not available) |
| 5 | %Temp%\windows\TEMP\00000003.rma | 891 bytes | MD5: 0xCC7A170FB62617E812DEACF0A67CCF9A SHA-1: 0xA5492A4276CB52EAF6F72DCBD5978AD9C22B6C3B | (not available) |
| 6 | %Temp%\windows\TEMP\00000003.urm, %Temp%\windows\TEMP\00000005.urm, %Temp%\windows\TEMP\00000009.urm | 31 bytes | MD5: 0x10CD74321295D52C1949A5ABD662DBC3 SHA-1: 0x4AD1F6F112C5F378FAE752DCA722D1EE50D66220 | (not available) |
| 7 | %Temp%\windows\TEMP\00000004.rma | 1,137 bytes | MD5: 0xA3376B2BE0349F8EBA7E3F5BF5FA930C SHA-1: 0x8CDF1E6D4834DA6D47CE34CB508D2245661258EB | (not available) |
| 8 | %Temp%\windows\TEMP\00000005.rma | 891 bytes | MD5: 0x05568526FB0EDA5FD1DCC31C858A117A SHA-1: 0x990473F9A544A3CB6B957B03AD9A37FB49D528DD | (not available) |
| 9 | %Temp%\windows\TEMP\00000006.rma | 825 bytes | MD5: 0x30546900BC282B42949F4040FCC0D91E SHA-1: 0xC12241A7F23F066E63E0B28D26145249FDA1B819 | (not available) |
| 10 | %Temp%\windows\TEMP\00000007.rma | 1,131 bytes | MD5: 0xE5D1902D9342752384DE1851B4A026E2 SHA-1: 0x60D99956CCF1E880D980FE7CAD07916DF66E8A5A | (not available) |
| 11 | %Temp%\windows\TEMP\00000008.rma | 833 bytes | MD5: 0xA00A34349166047F6E17389782A0EE8A SHA-1: 0x0B659668C36F18BEBBFA8AFDE08AD0BEFD23A52E | (not available) |
| 12 | %Temp%\windows\TEMP\00000009.rma | 1,065 bytes | MD5: 0xA4CA530AB426A6439DD041F8EA0170BC SHA-1: 0x7B1ED9631A4978A8BCCA5EF84C8A5ED5587A7CDD | (not available) |
| 13 | %Temp%\windows\TEMP\00000010.rma | 845 bytes | MD5: 0x75D38141301E2FD4A4728748C1873781 SHA-1: 0x7C7E200303B2BBD1D462E28717670FF5DDE71E41 | (not available) |
| 14 | %Temp%\windows\TEMP\00000010.urm, %Temp%\windows\TEMP\00000011.urm, %Temp%\windows\TEMP\00000012.urm, %Temp%\windows\TEMP\00000017.urm | 55 bytes | MD5: 0x145CED959FF85B0900459B7EC92FF1A8 SHA-1: 0x4CB202D15D1E52D05F28CA8783486E6D22BDC0BE | (not available) |
| 15 | %Temp%\windows\TEMP\00000011.rma | 837 bytes | MD5: 0x50C215D01846C3EE0CA17AE21207534B SHA-1: 0xDF1B79C8BB982E25EB60D7BB9AA5FD64BB8AEF57 | (not available) |
| 16 | %Temp%\windows\TEMP\00000012.rma | 841 bytes | MD5: 0x81E2F730D41B966AFB0276F051B696AC SHA-1: 0x58C54892536AE52C9F1EF210BCE8D3ED8E1B5BF9 | (not available) |
| 17 | %Temp%\windows\TEMP\00000013.rma | 989 bytes | MD5: 0xEC4C34BB771A8B787E8F41739BBC798A SHA-1: 0x0BCF28A305F8BB5B982ED1800A0BD1EE799B5EA8 | (not available) |
| 18 | %Temp%\windows\TEMP\00000013.urm, %Temp%\windows\TEMP\00000014.urm, %Temp%\windows\TEMP\00000015.urm, %Temp%\windows\TEMP\00000016.urm, %Temp%\windows\TEMP\00000018.urm, %Temp%\windows\TEMP\00000019.urm | 55 bytes | MD5: 0x3A2D5FC374236D408354DCCD2CDE27FC SHA-1: 0xB4D4847DC41C390B94AB23FDFDE79418B83475D6 | (not available) |
| 19 | %Temp%\windows\TEMP\00000014.rma | 1,235 bytes | MD5: 0x78477A531E6D8F3FDB476D1625876B24 SHA-1: 0x77BC45515FAAE5BBA474E69922226DF815555027 | (not available) |
| 20 | %Temp%\windows\TEMP\00000015.rma | 989 bytes | MD5: 0x66F75BC9A3A0B739AAB3478DBF58CA18 SHA-1: 0x30A597B1AE472C44F1E3F2F966466271D17162E3 | (not available) |
| 21 | %Temp%\windows\TEMP\00000016.rma | 837 bytes | MD5: 0xCF6FAB85B949D7EEF47503FA3B006C02 SHA-1: 0x040F490B01B41769CE2B81BC7AE78E480D278F3A | (not available) |
| 22 | %Temp%\windows\TEMP\00000017.rma | 1,229 bytes | MD5: 0xC2D925459591B3377E7E233738147851 SHA-1: 0x40CF4CCA41BF9C332814471C81DF97A75FA58B6A | (not available) |
| 23 | %Temp%\windows\TEMP\00000018.rma | 845 bytes | MD5: 0x57E8086FE976980F11CDB901A2459772 SHA-1: 0xB30A261272EF033F4FFE2B17BB31BC3D856CB025 | (not available) |
| 24 | %Temp%\windows\TEMP\00000019.rma | 1,077 bytes | MD5: 0xF6F92EE09FE8F13E25C678DEF3F23CB3 SHA-1: 0x9584DE805701E133E9509F99608102C72FCBD1E3 | (not available) |
| 25 | %Temp%\windows\TEMP\506A204D.qsp | 512,000 bytes | MD5: 0xD0F59445943A01DB0A6795B151660D25 SHA-1: 0x4C820BE7D3AE39268C07D0FCF878F7D7A7119A16 | Infostealer [Symantec] |
| 26 | [file and pathname of the sample #1] | 68,219 bytes | MD5: 0xF2AF78C21588B6EC553B742D3A5ED67B SHA-1: 0xE3D20A75C4285787E5433179755325571A229A92 | (not available) |

Copyright © 2013 ThreatExpert. All rights reserved.