Trojan.Spy.KeyLogger.MA
Analysis Report
General information
| Family Name: | Trojan.Spy.KeyLogger.MA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- 2+ executable sections
- JMC
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 343 |
|---|---|
| Potentially Malicious Blocks: | 2 |
| Whitelisted Blocks: | 330 |
| Unknown Blocks: | 11 |
Visual Map
Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.FYH
- Agent.KFF
- Agent.LEC
- Bladabindi.J
- Bladabindi.JA
- Bladabindi.JBA
- Injector.GFDC
- PPLFault.A
- RobloxHack.HH
- ShellcodeRunner.LU
- ShellcodeRunner.XJ
- Spy.KeyLogger.AU
- Spy.KeyLogger.AUA
- Spy.KeyLogger.AUB
- Spy.KeyLogger.MC
- Trojan.Agent.Gen.HF
- Trojan.Agent.Gen.UH