This Trojan logs the user’s keystrokes. This Trojan is designed to steal a range of confidential information. It harvests information entered via the keyboard and the mouse. It is a Windows PE EXE file. It is 4,096 bytes in size. It is packed using UPX. The unpacked file is approximately 15KB in size.
In order to ensure that the Trojan is launched automatically each time Windows is restarted, the Trojan registers its executable file in the system registry:
The Trojan installs a hook which intercepts keyboard events. This enables the Trojan to track information entered via the keyboard in active windows. The Trojan saves harvested data to a log file. This file is located in the same folder as the Trojan. It will have the same name as the Trojan executable file, and a .DLL extension.
The log file contains the titles of the windows used, together with the sequence of symbols entered via the keyboard.
The log file will be periodically uploaded to an FTP server.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
|Find out the statistics of the threats spreading in your region|