Trojan.Spy.KeyLogger.U
Analysis Report
General information
| Family Name: | Trojan.Spy.KeyLogger.U |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | www.tinytask.net |
| File Description | www.tinytask.net |
| File Version | 1, 77, 0, 0 |
| Legal Copyright | |
| Original Filename | TinyTask.exe |
| Product Name | TinyTask |
| Product Version | 1, 77, 0, 0 |
File Traits
- 2+ executable sections
- big overlay
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 40 |
|---|---|
| Potentially Malicious Blocks: | 30 |
| Whitelisted Blocks: | 10 |
| Unknown Blocks: | 0 |
[Visual Map: per-block classification grid. Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block]
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Spy.KeyLogger.U
- Upatre.VKD
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Keyboard Access | |