Analysis Date: 2014-11-05 05:21:20
MD5: 08c5794b140dcc83f677718cfa68c939
SHA1: f581a36985f3ce732c2e3b06cd6cf0e248504e6b

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section .text: md5: bcedce80ce3f0d2361e581a7b5c1a765 sha1: 1876278352eb524866a8c05bd2211282317771ce size: 69120
Section .rdata: md5: 39380780acbc83a8828e276ff51051cc sha1: 912f91a3beb3fbc9a4c2cc17d88bb1597881f8df size: 20480
Section .data: md5: bc85164ef133dab147402462c1750269 sha1: 8f77f28023402245e2cbed64a7215b948d925211 size: 5120
Section .rsrc: md5: ccf61fcf2b0df8551385fdd3feadd98f sha1: 325d1b35539582a98405b45f8fbe113f6da7a3ca size: 512
Section .reloc: md5: 21e4a26c8d2f38f4adf82ebb39ac92a0 sha1: ccb46a7852985db8d39a4b90fa2de487bf8d03ad size: 5120
Timestamp: 2014-06-24 06:50:57
Pdb path: E:\Hack\keylogger\Pro-Keylogger - Copy\Release\Pro-Keylogger.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: c83e00bb3320b362401975935b634a60bb180c7d
IMPhash: 3d1206c6807178a29beb92c7729f753d
AV 360 Safe: Gen:Variant.Graftor.145812
AV Ad-Aware: Gen:Variant.Graftor.145812
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Graftor.145812.18
AV BullGuard: Gen:Variant.Graftor.145812
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Generic.r5
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Graftor.145812
AV Eset (nod32): Win32/Spy.KeyLogger.ONG
AV Fortinet: W32/KeyLogger.ONE!tr.spy
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.145812
AV Grisoft (avg): Win32/DH{gRIDYgkPfC17ICIj}
AV Ikarus: Win32.SuspectCrc
AV K7: Spyware ( 0049c83f1 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: no_virus
AV Mcafee: RDN/Generic.dx!ddh
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Graftor.145812
AV Norman: Gen:Variant.Graftor.145812
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): BScope.Trojan.Agent

Runtime Details:

Network Details:


Raw Pcap

Strings
- abort() has been called
af-za
af-ZA
Aja-JP
April
AR6002
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
DOMAIN error
el-gr
el-GR
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
mscoree.dll
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nCONOUT$
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
123321
178.33.171.1
1#QNAN
1#SNAN
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
AreFileApisANSI
</assembly>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
\atapi.sys
August
[Backspace]
CallNextHookEx
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CompareStringEx
CompareStringW
ConsoleWindowClass
CopyFileA
CopyFile() error: %u
CorExitProcess
Could not retrieve the computer name.
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
[Ctrl]
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
[Delete]
DeleteCriticalSection
DispatchMessageA
[Down Arrow]
E:\Hack\keylogger\Pro-Keylogger - Copy\Release\Pro-Keylogger.pdb
EncodePointer
EnterCriticalSection
EnumSystemLocalesEx
ExitProcess
expIorer.exe
February
FindWindowA
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
FtpPutFileA
GetACP
GetActiveWindow
GetAsyncKeyState
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetDateFormatEx
GetEnvironmentStringsW
GetFileAttributesA
GetFileInformationByHandleExW
GetFileType
GetKeyState
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLocalTime
GetLogicalProcessorInformation
GetMessageA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InternetCloseHandle
InternetConnectA
InternetOpenA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
JanFebMarAprMayJunJulAugSepOctNovDec
January
KERNEL32.dll
LCMapStringEx
LCMapStringW
LeaveCriticalSection
[Left Arrow]
LoadLibraryExW
MessageBoxW
MM/dd/yy
Monday
MultiByteToWideChar
November
(null)
October
OutputDebugStringW
QueryPerformanceCounter
`.rdata
ReadConsoleW
ReadFile
RegCloseKey
RegOpenKeyExA
RegSetValueExA
@.reloc
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
      <requestedPrivileges>
[Right Arrow]
RtlUnwind
Saturday
    </security>
    <security>
September
SetDefaultDllDirectories
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributes() expIorer.exe error: %u
SetFileInformationByHandleW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowsHookExA
ShowWindow
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sunday
SunMonTueWedThuFriSat
TerminateProcess
!This program cannot be run in DOS mode.
Thursday
 Time :
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TranslateMessage
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Tuesday
UnhandledExceptionFilter
UnhookWindowsHookEx
UNICODE
[Up Arrow]
USER32.dll
UTF-16LE
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
Wednesday
WideCharToMultiByte
Windows Atapi x86 Driver
WININET.dll
WriteConsoleW
WriteFile
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>