Stealer Keylogger Malware Analysis
| Online Virus Checker | v.1.0.146.174 |
| DB Version: | 2023-11-04 04:00:48 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Spy.Win32.Keylogger.dd!n
Keylogger is designed to secretly record keystrokes on a computer or mobile device, capturing everything a user types, including sensitive information like passwords and credit card numbers. It can be used by cybercriminals to steal personal and confidential data without the user's knowledge or consent.
| File: | Client-built.exe |
| Checked: | 2023-11-04 02:19:42 |
| MD5: | ad1c7bec12cb9d214c1be9fee1afd7c2 |
| SHA1: | 00f8d95b7d81a5338e9c4f27232b554e37897312 |
| SHA256: | 1bef1f3c1a1b7dc4cfe79e467825ebc89ea687543613e05ac9e7d7b21fc68d7d |
| SHA512: | 63e407fc9ceee12d4ea24c861959a35d9ab18c3e6c31d185b70cf414ac1371be2b80f51f48aab9301082671400d657bed3a2fda7d0939a5f6a7740f937f06403 |
| Imphash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Size: | 3266048 bytes |
Spy.Win32.Keylogger.dd!n Removal
Gridinsoft has the capability to identify and eliminate Spy.Win32.Keylogger.dd!n without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Translation | 0x0000 0x04b0 |
| Comments | |
| CompanyName | |
| FileDescription | Quasar Client |
| FileVersion | 1.4.1 |
| InternalName | Client.exe |
| LegalCopyright | Copyright © MaxXor 2023 |
| LegalTrademarks | |
| OriginalFilename | Client.exe |
| ProductName | Quasar |
| ProductVersion | 1.4.1 |
| Assembly Version | 1.4.1.0 |
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x0071e3fe |
| Compilation: | 2023-03-12 16:16:39 |
| Checksum: | 0x00000000 (Actual: 0x00329482) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 3 |
| Imports: | mscoree, |
| Exports: | 0 |
| Resources: | 2 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x0031c404 | 0x0031c600 | 5997c46e96975caf1fcf2285c8c7a461 | 6.08 |
| .rsrc | 0x00320000 | 0x00000a93 | 0x00000c00 | cdeae95ac72e9e58017d2bcc89d2fbea | 4.65 |
| .reloc | 0x00322000 | 0x0000000c | 0x00000200 | e7d4f7d5c6a56813a995215f35c1a9ce | 0.08 |
