Win32/Spy.KeyLogger.NZL removal

Win32/Spy.KeyLogger.NZL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.KeyLogger.NZL virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Spy.KeyLogger.NZL?

File Info:

name: AE77FEA1860E49AF24AC.mlw
path: /opt/CAPEv2/storage/binaries/03b4893008941b6485d681da1fc60bc141dcc19fdfc1db3754520516446b70f0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-03-01 13:24:00

Version Info:

Translation: 0x0409 0x04b0
ProductName: proTymTin
FileVersion: 1.00
ProductVersion: 1.00
InternalName: kl_worldc
OriginalFilename: kl_worldc.exe

Win32/Spy.KeyLogger.NZL also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ae77fea1860e49af
McAfee: BackDoor-FHW
VIPRE: Gen:Variant.Doina.15006
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Spyware ( 0047dd301 )
K7AntiVirus: Spyware ( 0047dd301 )
ESET-NOD32: Win32/Spy.KeyLogger.NZL
APEX: Malicious
ClamAV: Win.Packed.Agen-7666161-0
Kaspersky: VHO:Worm.Win32.WBNA.gen
BitDefender: Gen:Variant.Doina.15006
NANO-Antivirus: Trojan.Win32.VBKrypt.fbgefz
MicroWorld-eScan: Gen:Variant.Doina.15006
Avast: Win32:KeyloggerX-gen [Trj]
Rising: Malware.Undefined!8.C (TFE:5:rhtIaUb50tJ)
Ad-Aware: Gen:Variant.Doina.15006
Emsisoft: Gen:Variant.Doina.15006 (B)
Zillya: Trojan.Keylogger.Win32.70192
McAfee-GW-Edition: BackDoor-FHW
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
GData: Gen:Variant.Doina.15006
Jiangmin: Trojan/VBKrypt.hxed
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.39
Arcabit: Trojan.Doina.D3A9E
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.KeyLogger.C245031
VBA32: Trojan.VBKrypt
ALYac: Gen:Variant.Doina.15006
MAX: malware (ai score=82)
Cylance: Unsafe
Tencent: Malware.Win32.Gencirc.114b40e7
Yandex: Trojan.GenAsa!gNoFo9M3O64
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: AI:Packer.DEAAF18C20
AVG: Win32:KeyloggerX-gen [Trj]
Cybereason: malicious.1860e4

How to remove Win32/Spy.KeyLogger.NZL?

Win32/Spy.KeyLogger.NZL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
