» h@tkeysh@@k.dll
Overview
Analysis
File Details

h@tkeysh@@k.dll

The module h@tkeysh@@k.dll has been detected as a potentially unwanted program by 24 anti-malware scanners.

File name:

h@tkeysh@@k.dll

MD5:

116ec20265b00cfe389518e2a0c7ed81

SHA-1:

d04c903ef681bb18dbf337ffa7ff2a9ccc8bedd6

SHA-256:

ef9d09e51c42bc04d48444b2517471ea07f2d8a6a6a2e67dd635b7bf95bf8b7a

Scanner detections:

24 / 68

Status:

Potentially unwanted

Explanation:

The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:

4/25/2024 12:49:56 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

HackTool.HotKeysHook

7.1.1

AhnLab V3 Security

Adware/Win32.HotKeysHook

2014.01.12

avast!

Win32:HotKeysHook-I [PUP]

2014.9-131230

Baidu Antivirus

Trojan.Win32.Agent

4.0.3.131230

Bkav FE

W32.KdbqwKADLL.Rootkit

1.3.0.4613

Clam AntiVirus

Trojan.W32.HotKeysHook.A-2

0.98/18155

Comodo Security

Win32.Keylogger.HotKeysHook.A

17593

Dr.Web

Tool.Hatkeys

9.0.1.0364

ESET NOD32

Win32/HackTool.HotKeysHook

7.9278

Fortinet FortiGate

W32/Hotkeys.B!tr

12/30/2013

F-Prot

W32/Keylogger.BQ

v6.4.7.1.166

F-Secure

Adware:W32/H@tKeysH@@k.A

11.2014-14-01_3

K7 AntiVirus

Trojan

13.175.10814

Malwarebytes

HackTool.HotKeyHook

v2013.12.30.08

MicroWorld eScan

Win32:HotKeysHook-I [PUP]

14.0.0.1092

NANO AntiVirus

Trojan.Win32.HotKeys.fzlj

0.28.0.57029

Norman

HotKeys.A

11.20131230

nProtect

Trojan-Spy/W32.Hooker.20480

14.01.10.01

Sophos

HotKeys Hook

4.96

Trend Micro House Call

Spyware_KEYL_HotKeys

7.2.364

Trend Micro

Spyware_KEYL_HotKeys

10.465.30

VIPRE Antivirus

Trojan.HotKeyHook

25320

ViRobot

Trojan.Win32.HotKeylogger.20480

2011.4.7.4223

XVirus List

Win.Detected

2.3.31

File size:

20 KB (20,480 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Windows\System32\h@tkeysh@@k.dll

File PE Metadata

Compilation timestamp:

5/30/1999 10:27:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

192:l2SALZC8eQ3ukfY53t19ThXOPByWRtMJ6mNjRusAfQZ+OhiJzodE:l2JCbkfIH9T0pMJ6mDuc+MiJzod

Entry address:

0x1230

Entry point:

53, 55, 56, 8B, 74, 24, 14, 85, F6, 57, B8, 01, 00, 00, 00, 75, 13, 8B, 0D, 5C, 62, 00, 10, 85, C9, 75, 09, 33, C0, 5F, 5E, 5D, 5B, C2, 0C, 00, 8B, 7C, 24, 1C, 8B, 5C, 24, 14, 83, FE, 01, 74, 05, 83, FE, 02, 75, 28, 8B, 0D, 54, 66, 00, 10, 85, C9, 74, 05, 57, 56, 53, FF, D1, 85, C0, 74, 0C, 57, 56, 53, E8, 6F, FE, FF, FF, 85, C0, 75, 09, 33, C0, 5F, 5E, 5D, 5B, C2, 0C, 00, 57, 56, 53, E8, 6A, FD, FF, FF, 83, FE, 01, 8B, E8, 75, 0C, 85, ED, 75, 08, 57, 50, 53, E8, 47, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03... 
[+]

Entropy:

3.8862

Developed / compiled with:

Microsoft Visual C++

Code size:

7 KB (7,168 bytes)

Remove h@tkeysh@@k.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.