PowerShell/Spy.Keylogger [Threat Name]

PowerShell/Spy.Keylogger.A [Threat Variant Name]

Category trojan
Size 14375 B
Detection created Nov 22, 2016
Signature database version 14487
Aliases Backdoor:PowerShell/Shaningning.C (Microsoft)
Short description

PowerShell/Spy.Keylogger.A is a trojan that steals sensitive information.


It is written in PowerShell.

Installation

When executed, the trojan may create the following files:

  • %temp%\%malwarefilename% (PowerShell/Spy.Keylogger.A trojan)
  • %temp%\persist.vbs

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Update" = "%temp%\persist.vbs"

This causes the trojan to be executed on every system start.

Information stealing

The trojan is able to log keystrokes.


The collected information is stored in the following file:

  • %temp%\key.log

The trojan attempts to send gathered information to a remote machine.


The HTTP, SMTP and DNS protocols are used.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The malware configuration is passed as command line parameters when the malware executable is launched.


It can execute the following operations:

  • stop itself for a certain time period
  • send gathered information
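
A read-only check for the artifacts listed under Installation and Information stealing, given here as an added PowerShell example that is not part of the original description. The function name Test-SpyKeyloggerArtifacts and its parameters are assumptions; %temp%\%malwarefilename% is not checked because the page gives no fixed name for it.

```powershell
# Added example: looks in the current user's profile for the artifacts
# this page lists. Read-only; nothing is deleted or modified.
function Test-SpyKeyloggerArtifacts {
    [CmdletBinding()]
    param(
        # Directory the page calls %temp%; defaults to the current user's.
        [string]$TempPath = $env:TEMP,
        [string]$RunKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )

    $findings = @()

    # Files named on the page: %temp%\persist.vbs and %temp%\key.log
    foreach ($name in 'persist.vbs', 'key.log') {
        $path = Join-Path $TempPath $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Type     = 'File'
                Location = $path
                Detail   = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
            }
        }
    }

    # Run value named on the page: "Update" = "%temp%\persist.vbs"
    $run = Get-ItemProperty -LiteralPath $RunKey -Name 'Update' -ErrorAction SilentlyContinue
    if ($run) {
        $value = [Environment]::ExpandEnvironmentVariables([string]$run.Update)
        # A value called "Update" can be legitimate, so report it only
        # when its data points at persist.vbs.
        if ($value -match '\\persist\.vbs') {
            $findings += [pscustomobject]@{
                Type     = 'RunValue'
                Location = "$RunKey\Update"
                Detail   = $value
            }
        }
    }

    $findings
}

# Empty output means none of the listed artifacts were found for this user.
Test-SpyKeyloggerArtifacts | Format-Table -AutoSize -Wrap
```

The check covers only the account it runs under, since both %temp% and HKEY_CURRENT_USER are per-user locations.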
