
MonitoringTool:MSIL/TBKeylogger


First posted on 15 July 2019.
Source: Microsoft

Aliases :

There are no other names known for MonitoringTool:MSIL/TBKeylogger.

Explanation :

The tool creates a registry entry so that it runs each time you start your PC:

In subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Sets value: The Best Keylogger
With data:

It can install the following files into the folder %ProgramData%\SysApp:

Janus.Data.v3.dll
Janus.Windows.ButtonBar.v3.dll
Janus.Windows.Common.v3.dll
Janus.Windows.GridEX.v3.dll
NDde.dll
SysAppInstaller.exe
SysAppInstaller.exe.config
SysDir.exe
SysDir.exe.config
SysDir.InstallState
TheBestLicence.rtf

The tool can run in a hidden mode - this means you won't see that it's running.

It can capture what you are doing on your PC. In particular, it can:

Take screenshots when you click the mouse
Log and record what you print
Intercept and keep a record of communications in chat rooms and instant messengers
Log and record what you type on your keyboard, such as usernames and passwords
Make automatic backups of files that you create, rename, or delete

It can send this information to an email address or over an FTP connection that is specified when the tool is installed.
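
The registry value and the installed files described above can be checked on a PC with a read-only script. The following is an added example, not part of the original description or of any Microsoft tooling; the function name Find-TBKeyloggerIndicator is hypothetical, and checking both the 64-bit and 32-bit registry views is an assumption, because the description does not say which view is written.

```powershell
# Added example (not from the original page). Read-only triage check.
function Find-TBKeyloggerIndicator {   # hypothetical function name
    $subKey    = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $valueName = 'The Best Keylogger'
    $folder    = Join-Path $env:ProgramData 'SysApp'
    $fileNames = @(
        'Janus.Data.v3.dll', 'Janus.Windows.ButtonBar.v3.dll',
        'Janus.Windows.Common.v3.dll', 'Janus.Windows.GridEX.v3.dll',
        'NDde.dll', 'SysAppInstaller.exe', 'SysAppInstaller.exe.config',
        'SysDir.exe', 'SysDir.exe.config', 'SysDir.InstallState',
        'TheBestLicence.rtf'
    )

    # Assumption: the page does not say which registry view is written,
    # so look in both the 64-bit and the 32-bit view of HKLM.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $base.OpenSubKey($subKey)
            if ($key -and ($key.GetValueNames() -contains $valueName)) {
                [pscustomobject]@{
                    Type   = 'RegistryValue'
                    Where  = "HKLM\$subKey ($view)"
                    Name   = $valueName
                    Detail = [string]$key.GetValue($valueName)
                }
            }
            if ($key) { $key.Close() }
        } finally { $base.Close() }
    }

    # Files from the page's list, including hidden ones, with a hash for triage.
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Get-ChildItem -LiteralPath $folder -File -Force |
            Where-Object { $fileNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Type   = 'File'
                    Where  = $folder
                    Name   = $_.Name
                    Detail = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

$hits = @(Find-TBKeyloggerIndicator)
if ($hits.Count) { $hits | Format-Table -AutoSize } else { 'No indicators from this description found.' }
```

An empty result only means these two indicators are absent; it does not cover the email or FTP destination, which the description says is chosen when the tool is installed.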

Analysis by Mihai Calota

Last update 15 July 2019

 
