Keylogger.SpyAgent

By CagedTech in Keyloggers

Threat Scorecard

Popularity Rank:	22,916
Threat Level:	80 % (High)
Infected Computers:	1,030

First Seen:	July 24, 2009
Last Seen:	November 8, 2025
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
TrendMicro	PAK_Generic.001
Symantec	Downloader
Sophos	Mal/Generic-A
Panda	Application/SpyAgent.G
NOD32	Win32/TrojanDownloader.SpyAgent
McAfee-GW-Edition	Heuristic.LooksLike.Win32.Suspicious.B!90
McAfee	potentially unwanted program Spyware-Realtime-Spy
Ikarus	Trojan-Downloader.Win32.SpyAgent.q
Fortinet	Spy/Realtime
F-Secure	Trojan-Downloader.Win32.SpyAgent.r
eSafe	Win32.SpyAgent.r
Comodo	TrojWare.Win32.TrojanDownloader.SpyAgent
CAT-QuickHeal	TrojanDownloader.SpyAgent.r
BitDefender	Trojan.Agent.AJWE
AVG	Downloader.Generic7.GGC

File System Details

Keylogger.SpyAgent may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	kl.exe	5026d7c8688a0ca306b8cd33e23959b5	122
Name: kl.exe MD5: 5026d7c8688a0ca306b8cd33e23959b5 Size: 3.24 MB (3244032 bytes) Detections: 122 Type: Executable File Path: C:\WINDOWS\SysWOW64\abl\kuxxxmxd\zoxxxaxsx\olss\kl.exe Group: Malware file Last Updated: March 10, 2024
2.	sview.exe	5ac32f87077170a09cb9055e12e2136f	6
Name: sview.exe MD5: 5ac32f87077170a09cb9055e12e2136f Size: 30.92 KB (30928 bytes) Detections: 6 Type: Executable File Path: C:\Windows\sview.exe Group: Malware file Last Updated: July 15, 2022
3.	clfct.dll	eed0e7dd5e1d913b30c428952a2e9222	2
Name: clfct.dll MD5: eed0e7dd5e1d913b30c428952a2e9222 Size: 49.93 KB (49931 bytes) Detections: 2 Type: Dynamic link library Path: C:\Windows\clfct.dll Group: Malware file Last Updated: October 14, 2021
4.	spcviewer.exe	496ea9a1196833ea1cfa97a4bb7a4655	2
Name: spcviewer.exe MD5: 496ea9a1196833ea1cfa97a4bb7a4655 Size: 30.41 KB (30413 bytes) Detections: 2 Type: Executable File Path: C:\Windows\spcviewer.exe Group: Malware file Last Updated: July 6, 2023
5.	wak.exe	47ba67fff0910f3819d08731042df70b	2
Name: wak.exe MD5: 47ba67fff0910f3819d08731042df70b Size: 3.3 MB (3305472 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\SysWOW64\config\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\2\2\1\1\1\1\wak.exe Group: Malware file Last Updated: June 26, 2020
6.	spcchat.dll	823724bb72cc53b32ffbca88d7f886cd	1
Name: spcchat.dll MD5: 823724bb72cc53b32ffbca88d7f886cd Size: 49.82 KB (49821 bytes) Detections: 1 Type: Dynamic link library Group: Malware file Last Updated: December 16, 2019
7.	fdel.exe	0f086c76deedd31d015036782fde869b	1
Name: fdel.exe MD5: 0f086c76deedd31d015036782fde869b Size: 19.08 KB (19083 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: November 10, 2022
8.	sysdiag.exe	213e1fa664081f82dea1f553a90ba5ba	0
Name: sysdiag.exe MD5: 213e1fa664081f82dea1f553a90ba5ba Size: 1.32 MB (1329258 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
9.	NoStealth.exe	cef4b7f7c1da0664fc46a49300c706f5	0
Name: NoStealth.exe MD5: cef4b7f7c1da0664fc46a49300c706f5 Size: 52.58 KB (52582 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
10.	spcksys.dll	6f9fec0a1b15de73ee5964e224720090	0
Name: spcksys.dll MD5: 6f9fec0a1b15de73ee5964e224720090 Size: 20.31 KB (20312 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
11.	Deploy.exe	4055a65f07ef183f72b27ec91e5c21b8	0
Name: Deploy.exe MD5: 4055a65f07ef183f72b27ec91e5c21b8 Size: 39.51 KB (39518 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
12.	svchost.exe	23f81f43854869232908f87796421305	0
Name: svchost.exe MD5: 23f81f43854869232908f87796421305 Size: 46.57 KB (46578 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
13.	csrss.exe	fa126bb34fc78c4dd74cbf37f4c7cff4	0
Name: csrss.exe MD5: fa126bb34fc78c4dd74cbf37f4c7cff4 Size: 112.09 KB (112097 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 8, 2010

Registry Details

Keylogger.SpyAgent may create the following registry entry or registry entries:

File name without path

Purchase SpyAgent Online!!.lnk

Remove Spytech SpyAgent.lnk

SpyAgent Help Documentation.lnk

SpyAgent Help Documentation.url

SpyAgent PC Surveillance.lnk

SpyAgent's 10 Step Guide to Total Stealth.lnk

SpyAgent's 10 Step Guide to Total Stealth.url

Stop SpyAgent Stealth Mode.lnk

Regexp file mask

%PROGRAMFILES(x86)%\sysconfig\sysdiag.exe

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Spytech SpyAgent

Directories

Keylogger.SpyAgent may create the following directory or directories:

%PROGRAMFILES%\Award Keylogger

%PROGRAMFILES%\KAward

%PROGRAMFILES%\ProKAward

%PROGRAMFILES(x86)%\Award Keylogger

%PROGRAMFILES(x86)%\KAward

%PROGRAMFILES(x86)%\ProKAward

%ProgramFiles%\Spytech Software\Spytech SpyAgent

%WINDIR%\SysWOW64\KAward

%WINDIR%\system32\KAward

Analysis Report

General information

Family Name:	Trojan.Spy.Agent
Signature status:	No Signature

Known Samples

MD5: 2c3eb1a5a9784bd4ae1cca8562d12b63

SHA1: ee0338ba376c82caf621a7a69e6dc7175403f405

SHA256: 6C0CA3BDBE400F6AB8CB0F5729BB40D3207EEE97B6582215F88556E35E3B2857

File Size: 1.10 MB, 1101824 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	5.50
Internal Name	Setup
Original Filename	Setup.exe
Product Name	3
Product Version	5.50

File Traits

Installer Version
vb6
x86

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df014a0baf01e85b7a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\compatibility assistant\persisted::c:\users\user\downloads\ee0338ba376c82caf621a7a69e6dc7175403f405_0001101824.exe		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Other Suspicious	SetWindowsHookEx
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Keylogger.SpyAgent

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.RocketCAT

Trojan-dropper.win32.VB.agtq

Tratbc.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen