PowerShell/Spy.Keylogger [Threat Name]
PowerShell/Spy.Keylogger.A [Threat Variant Name]
|Detection created|Nov 22, 2016|
|Signature database version|14487|
PowerShell/Spy.Keylogger.A is a trojan that steals sensitive information.
It is written in PowerShell.
When executed, the trojan may create the following files:
- %temp%\%malwarefilename% (PowerShell/Spy.Keylogger.A trojan)
The trojan may set the following Registry entries:
- "Update" = "%temp%\persist.vbs"
This causes the trojan to be executed on every system start.
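A defender-side check for the autostart entry described above, added here as an example and not part of the original description or of the vendor's tooling: it lists autostart values whose data launches a script from the temp directory, as "Update" = "%temp%\persist.vbs" does. The page does not name the registry key, so the standard Run and RunOnce keys are an assumption, and `Find-TempScriptAutorun` is a hypothetical helper name.

```powershell
# Added example: audit autostart values that launch a script from the temp directory.
# Assumption: the page does not name the registry key, so the standard Run/RunOnce
# keys are checked. Find-TempScriptAutorun is a hypothetical helper name.
function Find-TempScriptAutorun {
    [CmdletBinding()]
    param(
        [string[]]$KeyPath = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
        ),
        [string[]]$ScriptExtension = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.ps1', '.bat', '.cmd')
    )

    # Temp directory of the account running the check; other users' temp
    # paths referenced from HKLM values are not matched by this comparison.
    $tempDir = $env:TEMP.TrimEnd('\')
    $extPattern = ($ScriptExtension | ForEach-Object { [regex]::Escape($_) }) -join '|'
    # A script extension followed by whitespace, a quote, or end of string.
    $scriptRegex = '(' + $extPattern + ')(\s|"|''|$)'

    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data, then expand it ourselves so that both REG_SZ and
            # REG_EXPAND_SZ values containing %temp% are compared the same way.
            $raw = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)

            $inTemp   = $expanded.IndexOf($tempDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
            $isScript = $expanded -match $scriptRegex   # -match is case-insensitive
            if ($inTemp -and $isScript) {
                [pscustomobject]@{ Key = $path; Value = $name; Data = $raw; Expanded = $expanded }
            }
        }
    }
}

Find-TempScriptAutorun | Format-List
```

Run it in the affected user's session so that HKCU and `%temp%` resolve to that user's profile.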
The trojan is able to log keystrokes.
The collected information is stored in the following file:
The trojan attempts to send gathered information to a remote machine.
The HTTP, SMTP and DNS protocols are used.
The trojan acquires data and commands from a remote computer or the Internet.
The malware configuration is passed as command line parameters when the malware executable is launched.
It can execute the following operations:
- stop itself for a certain time period
- send gathered information