Invisible Keylogger 97

By CagedTech in Keyloggers

Threat Scorecard

Popularity Rank: 19,378
Threat Level: 80 % (High)
Infected Computers: 14
First Seen: July 24, 2009
Last Seen: December 23, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Invisible Keylogger 97
Packers: $Id: UPX
Signature status: No Signature

Known Samples

MD5: ae93ac3f728c9714e62e179f984eaaf9
SHA1: 1ec99c0f6fbff954280d1c01a0c35cddbbda128a
SHA256: 6333880985A3175DD3376072FDF32BC72CB0CAFFF0269409F193264AE59E39A5
File Size: 92.46 KB, 92464 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • $Id: UPX
  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • upx
  • x86

Block Information

Total Blocks: 158
Potentially Malicious Blocks: 0
Whitelisted Blocks: 151
Unknown Blocks: 7

Visual Map

0 0 0 ? ? ? ? ? ? 0 ? 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File                                            Attributes
c:\users\user\downloads\user\delete_backup.bat  Generic Write, Read Attributes
c:\windows\ini                                  Generic Read, Write Data, Write Attributes, Write extended, Append data

Registry Modifications

Key::Value                                                             Data               API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing                         RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::enablefiletracing                     RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::enableautofiletracing                 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::enableconsoletracing                  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::filetracingmask                       RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::consoletracingmask                    RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::maxfilesize                           RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\tapi32::filedirectory      %windir%\tracing   RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetAsyncKeyState
Process Shell Execute
  • ShellExecute

Shell Command Execution

open c:\users\user\downloads\help\index.htm