» pkllagent.exe
Overview
Analysis
File Details
Behaviors (1)

pkllagent.exe

Phrozen Keylogger Lite

LESUEUR JEAN-PIERRE VINCENT

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Phrozen Mon_KP’.

File name:

pkllagent.exe

Publisher:

PhrozenSoft (signed by LESUEUR JEAN-PIERRE VINCENT)

Product:

Phrozen Keylogger Lite

Version:

1.0.0.0

MD5:

1110c0678d6f1ee89ae72cd7b6c66d03

SHA-1:

d9d1536355f67d2a2c15a6067e17fa37cb060740

SHA-256:

054648a4d0aa7d3300f5a9fce2f8f853ffda5fe2f18a6b6fc0343b0e7a6ac2ee

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/24/2024 8:55:25 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clodccc.Trojan

1.3.0.4613

Trend Micro House Call

PAK_Generic.009

7.2.11

Trend Micro

PAK_Generic.009

10.465.11

File size:

3.1 MB (3,282,952 bytes)

Product version:

1.0.0.0

2013

Trademarks:

PhrozenSoft

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\users\{user}\appdata\roaming\phrozensoft\pkll\pkllagent.exe

Digital Signature

Signed by:

LESUEUR JEAN-PIERRE VINCENT

Authority:

COMODO CA Limited

Valid from:

7/18/2013 12:00:00 AM

Valid to:

7/18/2014 11:59:59 PM

Subject:

CN=LESUEUR JEAN-PIERRE VINCENT, O=LESUEUR JEAN-PIERRE VINCENT, STREET=12 Bis rue de la muette, L=Maisons Laffitte, S=Yvelines, PostalCode=78600, C=FR

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B1A4D9D55C68FA3452E8826B8894ABDC

File PE Metadata

Compilation timestamp:

9/14/2013 5:19:57 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:swBfVMc94TW/me70bdhM84fct9Rcd5G77777777777777777775:swBfVSTQme7Ge6xcbG7777777777777J

Entry address:

0x629E15

Entry point:

E8, B9, A8, FF, FF, 83, FB, 01, 55, E9, 8D, B1, 09, 00, 3E, 29, 61, 2E, 18, EF, 67, 09, 2B, 5D, F5, 52, 6B, FD, F6, 97, 90, 0E, 63, 45, 42, 58, 45, 9A, 24, 52, 2B, F0, 28, 75, 51, F3, 38, 5B, E3, 61, AA, F5, 2A, 24, 97, C2, BA, 19, 44, D9, E2, BE, 26, 5F, BA, CE, 54, A7, D2, 7C, 1C, 5F, 0A, B6, 29, A8, 9D, 29, E1, D3, 81, 3C, A3, 76, A7, 4F, 94, 2C, 99, B8, 79, E0, CC, BD, 2C, 13, E6, 98, 8E, 5B, C2, 4E, 2F, F5, 2C, A1, 16, 84, 3A, 3C, 73, B6, E3, 58, FC, 9E, 68, 04, 1B, 8F, 2B, 4F, 11, 60, 5B, 5B, D3, B7... 
[+]

Code size:

2 MB (2,083,840 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Phrozen Mon_KP

Command:

"C:\users\{user}\appdata\roaming\phrozensoft\pkll\pkllagent.exe" \h

Scan pkllagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.