PC Tattletale
It is a keylogger that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications
often run in stealth mode and are invisible to the user that is being monitored. It monitors persons without their knowledge.0
General information:
| Malware Name: |
PC Tattletale |
| Malware Type: |
Key Logger |
| Company Name: |
Cyber Samurai Marketing |
| Company URL: |
http://www.cybersamurai.com/
|
| Threat Level: |
Elevated Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation |
Company Description:
Its one-stop solution for both business & consumer software titles. It offer award-winning software products that range from ecommerce automation and business software, and Internet safety products that help parents keep their children safe on
the Internet. Its software is some of the most advanced, easy to use Consumer / Home and Internet marketing software tools available on the net today.
Spyware Description:
It is a keylogger that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications
often run in stealth mode and are invisible to the user that is being monitored. It monitors persons without their knowledge.0
Characteristics/Symptoms:
-> Monitor and capture data from computers -> Run in stealth mode -> Intercepts keystrokes from the keyboard and records them in a log -> Starts with the operating system0
Additional information might be found here:
Processes Running:
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\WINDOWS\system32\explorer32\WinLoad.exe |
65536 |
Application |
| C:\WINDOWS\system32\explorer32\closewindow.wav |
6356 |
Wave Sound |
| C:\WINDOWS\system32\explorer32\explorer.chm |
21537 |
Compiled HTML Help file |
Folder information Created after Installation:
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_CLASSES_ROOT |
\CLSID\{0669D4C1-87BD-4895-B3F7-4560A478DF60}\InprocServer32 |
InprocServer32 |
| HKEY_LOCAL_MACHINE |
\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107D7AD5-A620-4044-840A-7E97370F6DB3}\InprocServer32 |
ThreadingModel |
| HKEY_LOCAL_MACHINE |
\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231B4983-BB2D-11D4-9ED5-958F88DA5D51}\InprocServer32 |
InprocServer32 |
