HKTL_QEDS

 Analysis by: Nice Yutuc

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This hacking tool arrives as a component bundled with malware/grayware packages.

  TECHNICAL DETAILS

File Size:

24,576 bytes

File Type:

DLL

Memory Resident:

Yes

Initial Samples Received Date:

02 Feb 2012

Arrival Details

This hacking tool arrives as a component bundled with malware/grayware packages.

NOTES:

This is a Dynamic Link Library (DLL) component file that may arrive on a system as a component of programs downloaded from the Internet, or bundled in other spyware installer packages. Other malware can use it to log and scan for passwords on the system. It uses certain Windows API functions to steal passwords.

HKTL_QEDS registers a CLSID by creating the following entry in the registry:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{34F673E0-878F-11D5-B98A-00B0D07B8C7C}