What is “Win32/Spy.KeyLogger.PKN”?

Win32/Spy.KeyLogger.PKN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.KeyLogger.PKN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Sniffs keystrokes

How to identify Win32/Spy.KeyLogger.PKN?

File Info:

name: DE7F4C1AAB52F111B1AE.mlw
path: /opt/CAPEv2/storage/binaries/7eb2e63f59186c91bfe5589a2bcfafdbb0fbe417117f03d723aa22485b8d5f54
crc32: 40389357
md5: de7f4c1aab52f111b1aec65dd0a8ffd7
sha1: eca01e8598c67b8838baa62e1e020071cd9465dd
sha256: 7eb2e63f59186c91bfe5589a2bcfafdbb0fbe417117f03d723aa22485b8d5f54
sha512: a3edf22d5c52062f62bad6e30a90a5d94324fc59a81ced0fde77e563b7956c6f7c638881ba5ac094ca704234100b7b500dbe618fa5c1d1deb19830eee1ca1dfd
ssdeep: 24576:WRaZROMOm8FN7TjsPnzt2heeRhQbJEOeamrK:ckxOm+7TjsPnztyDMmaE
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1E1256C4933A441A9FEB7E177CA52C607C6B1788A42778B2F01E04AB67F737715A1E321
sha3_384: 4870e7ae71cc9d4d4690478261cce056fced37ea2a1b62960e80878c273396781e2d15b7c61f27b99117fb6aa3f04181
ep_bytes: 4883ec28e8bfb300004883c428e936fe
timestamp: 2021-12-03 22:17:59

Version Info:

Translation: 0x0809 0x04b0

Win32/Spy.KeyLogger.PKN is also known as:

Lionic: Trojan.Win32.AutoIt.l!c
MicroWorld-eScan: Trojan.GenericKD.38229908
FireEye: Trojan.GenericKD.38229908
McAfee: Artemis!DE7F4C1AAB52
K7AntiVirus: Spyware ( 004fcc191 )
K7GW: Spyware ( 004fcc191 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Spy.KeyLogger.PKN
TrendMicro-HouseCall: TROJ_GEN.R067H0CL521
Avast: AutoIt:KeyLogger-L [Trj]
ClamAV: Win.Spyware.Keylog-1
Kaspersky: Trojan-Spy.Win32.AutoIt.ah
BitDefender: Trojan.GenericKD.38229908
Tencent: Win32.Trojan-spy.Autoit.Wuhj
Ad-Aware: Trojan.GenericKD.38229908
Emsisoft: Trojan.GenericKD.38229908 (B)
McAfee-GW-Edition: BehavesLike.Win64.Injector.dh
Sophos: Mal/Generic-S
Paloalto: generic.ml
GData: Trojan.GenericKD.38229908
Avira: TR/Spy.KeyLogger.wzhrf
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ALYac: Trojan.GenericKD.38229908
MAX: malware (ai score=83)
Cylance: Unsafe
Fortinet: W32/KeyLogger.PKN!tr.spy
AVG: AutoIt:KeyLogger-L [Trj]
Panda: Trj/CI.A

How to remove Win32/Spy.KeyLogger.PKN?

Win32/Spy.KeyLogger.PKN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.