Categories: PUA

ElReceptor Keyboard Hook (PUA) malicious file

The ElReceptor Keyboard Hook (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ElReceptor Keyboard Hook (PUA) virus can do?

Creates RWX memory
Drops a binary and executes it
Unconventionial language used in binary resources: Turkish
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics

Related domains:

www.cfxy.me

How to determine ElReceptor Keyboard Hook (PUA)?


File Info:
crc32: 179A6E34md5: 6a8d97225531e52f5d9c76c875f2cacfname: 1.exesha1: 536fbac82d3425f7a1df6bee3e39c95d7877d545sha256: af3676828f580fa92a62b9161db0d1183d7edb6c789d4d504db1c92f0f8a9357sha512: 9297ff9e2e21c9cc2fc82b914eee99c27b233cf291b8d034c4cf733c452f1eb8bf6438fac829b6db9445bcf2d2a6b4edf236cb87890bff9686f269f31a9fa12fssdeep: 24576:NnsJ39LyjbJkQFMhmC+6GD9jqCRLgN5H4zDtkHAGY6Hz/L:NnsHyjtk2MYC5GD9RLgzHc039type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: InternalName: FileVersion: 1.0.0.4CompanyName: SynapticsLegalTrademarks: Comments: ProductName: Synaptics Pointing Device DriverProductVersion: 1.0.0.0FileDescription: Synaptics Pointing Device DriverOriginalFilename: Translation: 0x041f 0x04e6

ElReceptor Keyboard Hook (PUA) also known as:

MicroWorld-eScan	Dropped:Trojan.GenericKD.32840913
FireEye	Generic.mg.6a8d97225531e52f
CAT-QuickHeal	Sus.Nocivo.E0011
McAfee	GenericRXCB-VC!6A8D97225531
Cylance	Unsafe
VIPRE	BehavesLike.Win32.Malware.eah (mx-v)
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Dropped:Trojan.GenericKD.32840913
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.25531e
TrendMicro	Virus.Win32.NAPWHICH.B
BitDefenderTheta	AI:Packer.F5AF03D517
F-Prot	W32/Zorex.A
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Zorex-E [Wrm]
ClamAV	Win.Malware.Delf-6899401-0
GData	Dropped:Trojan.GenericKD.32840913
Kaspersky	Backdoor.Win32.DarkKomet.hqxy
Alibaba	Backdoor:Win32/DarkKomet.ac422126
NANO-Antivirus	Trojan.Win32.DarkKomet.fazbwq
AegisLab	Trojan.Win32.DarkKomet.tp6k
Tencent	Virus.Win32.DarkKomet.a
Ad-Aware	Dropped:Trojan.GenericKD.32840913
Sophos	ElReceptor Keyboard Hook (PUA)
Comodo	Virus.Win32.Agent.DE@74b38h
F-Secure	Trojan:W97M/MaliciousMacro.GEN
Zillya	Trojan.Delf.Win32.76144
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.th
Trapmine	malicious.moderate.ml.score
Emsisoft	Dropped:Trojan.GenericKD.32840913 (B)
Cyren	W32/Backdoor.OAZM-5661
Jiangmin	Trojan.Generic.bhoqf
Avira	WORM/Dldr.Agent.gqrxn
Antiy-AVL	Trojan[Downloader]/Script.AGeneric
Endgame	malicious (high confidence)
Arcabit	HEUR.VBA.Trojan.d
ZoneAlarm	Backdoor.Win32.DarkKomet.hqxy
Microsoft	Worm:Win32/AutoRun.XXY!bit
AhnLab-V3	Win32/Zorex.X1799
Acronis	suspicious
ALYac	Dropped:Trojan.GenericKD.32840913
MAX	malware (ai score=100)
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.Agent
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.88102
ESET-NOD32	Win32/Delf.NBX
TrendMicro-HouseCall	Virus.Win32.NAPWHICH.B
Rising	Backdoor.Agent!1.BF3D (CLASSIC)
Yandex	BackDoor.Optix!
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Delf.NBX!tr
AVG	Other:Malware-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)