Malware

About “Application.KeyLogger.QSH” infection

Malware Removal

The Application.KeyLogger.QSH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Application.KeyLogger.QSH virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to determine Application.KeyLogger.QSH?


File Info:

name: 7B279F044899A70C8160.mlw
path: /opt/CAPEv2/storage/binaries/5a63a5ba7e5ff83bf9ce0ccadbde0a678805c3d4831b182e256e54b16e9898aa
crc32: 3A4DF344
md5: 7b279f044899a70c81606a4809b19034
sha1: 12fa972f6795704d07c16f46e639dd6a484c712f
sha256: 5a63a5ba7e5ff83bf9ce0ccadbde0a678805c3d4831b182e256e54b16e9898aa
sha512: 018bb80b6f3bec4ea8a10bd3d5e7e62d5de893f620f4148a4bd6e4830af2827f38411c176f9ba33aa98cd6e57c731ec7717655a74c00502aadeccb03635524da
ssdeep: 12288:L20i1QtLmN+CEMJB+fVG1qDpD+gAF7rmvgLsF11VsC/I:L20ECLlCadG1q9D+gY7rmvZf5/I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T180C42307E3E19878F1A29D70AE22D517963B3C3698302C6C749C1ECE9F7355B988A353
sha3_384: 851ed8852e6226c27cd248e6d386e7f0e3a58d9ca5fd33f771d929b7f6a843cdceac8ce517a91976a6aa6f22585d0ad1
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Keyboard Logger Setup
FileVersion:
LegalCopyright:
ProductName: Keyboard Logger
ProductVersion:
Translation: 0x0000 0x04b0

Application.KeyLogger.QSH also known as:

LionicRiskware.Win32.KeyLogger.1!c
DrWebTool.KeyHook
MicroWorld-eScanApplication.KeyLogger.QSH
FireEyeApplication.KeyLogger.QSH
ALYacApplication.KeyLogger.QSH
K7AntiVirusPassword-Stealer ( 004f41331 )
AlibabaRiskWare:Win32/KeyLogger.5fb76403
K7GWPassword-Stealer ( 004f41331 )
Cybereasonmalicious.44899a
VirITTrojan.Win32.Agent.TZZ
CyrenW32/Trojan.WOWY-4051
SymantecSpyware.Keylogger
ESET-NOD32Win32/KeyLogger.KeyboardLogger
TrendMicro-HouseCallSPYWARE_KEYL_FINGERPRINTS
Kasperskynot-a-virus:Monitor.Win32.KeyLogger.alu
BitDefenderApplication.KeyLogger.QSH
NANO-AntivirusRiskware.Win32.KeyHook.ddymei
AvastWin32:KeyLogger-AFG [PUP]
TencentWin32.Risk.Keylogger.Ahop
EmsisoftApplication.KeyLogger.QSH (B)
ComodoMalware@#343i2rxpbw5zg
ZillyaTool.KeyLogger.Win32.3010
TrendMicroSPYWARE_KEYL_FINGERPRINTS
McAfee-GW-EditionBehavesLike.Win32.AdwareFileTour.hc
SophosGeneric Reputation PUA (PUA)
GDataApplication.KeyLogger.QSH
WebrootW32.Malware.Gen
MAXmalware (ai score=100)
KingsoftWin32.Troj.Agent.jf.(kcloud)
ZoneAlarmnot-a-virus:Monitor.Win32.KeyLogger.alu
MicrosoftTrojan:Win32/Occamy.C5A
McAfeeArtemis!7B279F044899
CylanceUnsafe
RisingTrojan.Spy.KeySpy.a (CLOUD)
YandexTrojanSpy.Agent!d3B2OJOeS/s
MaxSecureTrojan.Malware.2136500.susgen
FortinetRiskware/KeyLogger
AVGWin32:KeyLogger-AFG [PUP]
CrowdStrikewin/grayware_confidence_100% (W)

How to remove Application.KeyLogger.QSH?

Application.KeyLogger.QSH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment