Keylogger.Ardamax

By CagedTech in Keyloggers

Threat Scorecard

Ranking: 9,830
Threat Level: 80 % (High)
Infected Computers: 10,293
First Seen: July 24, 2009
Last Seen: May 19, 2025
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software   Detection
Fortinet              W32/Gbot.YRA!tr.bdr
AntiVir               SPR/Tool.Ardamax.556
Kaspersky             Backdoor.Win32.Gbot.yra
McAfee                Artemis!647F311B4718
AVG                   Ardamax.BUD
BitDefender           MemScan:Trojan.Generic.8306227
Avast                 Win32:Ardamax-PU [PUP]
McAfee                Artemis!3DEBCBACE7A0
AVG                   Ardamax.BWQ
DrWeb                 Trojan.KeyLogger.18881
McAfee                Artemis!D7BB86DA5866
DrWeb                 Trojan.KeyLogger.19070
DrWeb                 Trojan.KeyLogger.16596
Avast                 Win32:Ardamax-QG [PUP]
AntiVir               SPR/Tool.Monitor.Gen

File System Details

Keylogger.Ardamax may create the following file(s):

Registry Details

Keylogger.Ardamax may create the following registry entry or registry entries:
File name without path: setup (password=ardamax).exe
Regexp file mask: %APPDATA%\support\svchost.exe

Directories

Keylogger.Ardamax may create the following directory or directories:

%ALLUSERSPROFILE%\auk
%ALLUSERSPROFILE%\cve
%WINDIR%\Syswow64\sys32
%WINDIR%\system32\sys32
