ardamax keylogger.exe

Asper

C Vital

The application ardamax keylogger.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
C Vital

Product:
Asper

Description:
LeaveLoadLoud

Version:
4, 10, 30, 0

MD5:
2397e411e35ef78c76d58910ec7d3499

SHA-1:
615c6baa8c394bda7d08e96e1ff4c50245f046e0

SHA-256:
42ed6197bc6fb86890ba383382f944c75e258ce4253b807d32b0605627f0e517

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 12:43:01 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.4Shared | 7.1.1
AhnLab V3 Security | PUP/Win32.Downloader | 2015.02.19
Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.202.28
avast! | Win32:PUP-gen [PUP] | 2014.9-150401
AVG | Generic | 2016.0.3153
Baidu Antivirus | Adware.Win32.4Shared | 4.0.3.1541
Clam AntiVirus | Win.Adware.Purd | 0.98/20118
Comodo Security | Application.Win32.4shared.GSP | 20900
Dr.Web | Adware.Downware.1751 | 9.0.1.091
ESET NOD32 | Win32/4Shared.AM potentially unwanted (variant) | 9.11395
F-Prot | W32/S-367fc245 | v6.4.7.1.166
IKARUS anti.virus | PUA.4Shared | t3scan.1.8.6.0
K7 AntiVirus | Adware | 13.202.15417
Kaspersky | not-a-virus:Downloader.Win32.4Shared | 14.0.0.2260
McAfee | 4shared | 5600.6809
NANO AntiVirus | Trojan.Win32.4Shared.dmovte | 0.30.0.64812
nProtect | Adware.PURD | 15.02.27.01
Panda Antivirus | Trj/Genetic.gen | 15.04.01.12
Qihoo 360 Security | Malware.QVM07.Gen | 1.0.0.1015
Reason Heuristics | Adware.Maxiget.CVital.Meta | 15.4.24.0
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 36694
Zillya! Antivirus | Backdoor.CPEX.Win32.30311 | 2.0.0.2076

File size:
56 KB (57,344 bytes)

Product version:
4, 10, 30, 0

Copyright:
Conical (c)

Trademarks:
TM2-15

Original file name:
lltmoping.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ardamax keylogger.exe

File PE Metadata
Compilation timestamp:
3/24/2015 12:57:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:49ghqhEMssMe5vOpimKtDQx3PE6Z0PX6lAeaQG+VQjQ:kghqhf5IEONP+PAO+VQjQ

Entry address:
0x222F

Entry point:
E8, F8, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 4D, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 39, 22, 40, 00, FF, 15, AC, 80, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, B4, 80, 40, 00, FF, 75, 08, FF, 15, B0, 80, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...

Entropy:
5.5936

Code size:
27.5 KB (28,160 bytes)

Remove ardamax keylogger.exe - Powered by Reason Core Security