
MonitoringTool:Win32/RevealerKeylogger


First posted on 15 February 2019.
Source: Microsoft

Aliases:

MonitoringTool:Win32/RevealerKeylogger is also known as Spyware.RevealerKeylog, MonitoringTool.Win32.RevealerKeylogger.B, Trojan.Keylogger.CON.

Explanation:

Installation

The tool is usually installed in %ProgramFiles%\rvlkl with the file name rvlkl.exe.

It changes the following registry entry so that it runs each time you start your PC:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Revealer Keylogger Pro edition"
With data: "", for example "%ProgramFiles%\rvlkl\rvlkl.exe"
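A check for the install artifacts described above, as an added example that is not part of Microsoft's write-up. The function names are hypothetical, and looking in "Program Files (x86)" as well as %ProgramFiles% is an assumption beyond what the entry states.

```powershell
# Added example. Indicators come from the Installation section; function names are hypothetical.
$ValueName = 'Revealer Keylogger Pro edition'
$ExeName   = 'rvlkl.exe'
$RunSubkey = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RevealerRunEntry {
    # HKCU is per-user, so inspect the Run key of every loaded hive under HKEY_USERS.
    # Run elevated; hives of users who are not logged on are not loaded and are not covered.
    $hku  = [Microsoft.Win32.Registry]::Users
    $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($sid in $hku.GetSubKeyNames()) {
        if ($sid -like '*_Classes') { continue }
        try { $key = $hku.OpenSubKey("$sid\$RunSubkey") } catch { continue }
        if ($null -eq $key) { continue }
        try {
            foreach ($name in $key.GetValueNames()) {
                # Read the raw data so %ProgramFiles% is reported unexpanded.
                $data = [string]$key.GetValue($name, '', $raw)
                if ($name -eq $ValueName -or $data -like "*$ExeName*") {
                    [pscustomobject]@{ Sid = $sid; Value = $name; Data = $data }
                }
            }
        } finally { $key.Close() }
    }
}

function Find-RevealerFile {
    # A 32-bit install on 64-bit Windows lands under "Program Files (x86)",
    # so both roots are checked (assumption beyond the page's %ProgramFiles%).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        # Install folder and file name as given under Installation.
        $path = Join-Path $root "rvlkl\$ExeName"
        # -Force so a hidden or system attribute does not mask the file.
        if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path -Force }
    }
}

$runHits  = @(Find-RevealerRunEntry)
$fileHits = @(Find-RevealerFile)
$runHits  | Format-Table -AutoSize
$fileHits | Select-Object FullName, Length, CreationTimeUtc | Format-Table -AutoSize
if ($runHits.Count -or $fileHits.Count) {
    Write-Warning 'RevealerKeylogger install artifacts found'
} else {
    Write-Output 'No RevealerKeylogger install artifacts found'
}
```

A match on the value name alone or the file alone is still worth triage, since either can be left behind by a partial removal.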

Payload

Monitors your actions

This tool can:

Keep a record of keystrokes you make (including when you type your user names and passwords).

Intercept communication in chat rooms and instant messengers.

Take screenshots when you type certain text or use the mouse.

The tool can send this recorded data by email, FTP, or LAN to another person.

It can run in a hidden mode so you cannot see it running in the Task Manager, Windows Explorer, or in the Windows Startup System Configuration Utility.

It can also be protected with a password, so you cannot change the tool's settings or see the information it has collected without knowing the password.

Analysis by Mihai Calota

Last update 15 February 2019

 
