MonitoringTool:Win32/RevealerKeylogger
First posted on 15 February 2019.
Source: Microsoft
Aliases:
MonitoringTool:Win32/RevealerKeylogger is also known as Spyware.RevealerKeylog, MonitoringTool.Win32.RevealerKeylogger.B, Trojan.Keylogger.CON.
Explanation:
Installation
The tool is usually installed in %ProgramFiles%\rvlkl with the file name rvlkl.exe.
It changes the following registry entry so that it runs each time you start your PC:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Revealer Keylogger Pro edition"
With data: "", for example "%ProgramFiles%\rvlkl\rvlkl.exe"
Payload
Monitors your actions
This tool can:
Keep a record of keystrokes you make (including when you type your user names and passwords).
Intercept communication in chat rooms and instant messengers.
Take screenshots when you type certain text or use the mouse.
The tool can send this recorded data by email, FTP, or LAN to another person.
It can run in a hidden mode so you cannot see it running in the Task Manager, Windows Explorer, or in the Windows Startup System Configuration Utility.
It can also be protected with a password, so you cannot change the tool's settings or see the information it has collected without knowing the password.
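A check for the Run value and install path described under Installation, as an added example that is not part of the original write-up. The function name, the output shape and the extra look under %ProgramFiles(x86)% are assumptions of this example.

```powershell
# Added example: look for the persistence and install artifacts named on this page.
# Indicator strings come from the page; everything else is this example's own.
$ValueName = 'Revealer Keylogger Pro edition'
$ExeName   = 'rvlkl.exe'
$RunSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RevealerArtifacts {
    $findings = @()

    # The Run entry is written under HKCU, which is per-user. Walk every loaded
    # user hive under HKEY_USERS instead of only the hive of the current account.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$RunSubKey"
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so an unexpanded %ProgramFiles% is still visible.
            $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($name -eq $ValueName -or $data -like "*\$ExeName*") {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Location = $keyPath; Name = $name; Data = $data
                }
            }
        }
    }

    # Hidden mode keeps the tool out of Task Manager, Explorer and the System
    # Configuration Utility, so test the path directly; -Force shows hidden files.
    # Assumption: on 64-bit Windows the folder may sit under Program Files (x86).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $path = Join-Path (Join-Path $root 'rvlkl') $ExeName
        if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{
                Type = 'File'; Location = $path; Name = $ExeName; Data = $hash
            }
        }
    }
    $findings
}

Find-RevealerArtifacts | Format-List
```

Run it from an elevated prompt so other users' loaded hives are readable. Accounts that are not logged on have no hive under HKEY_USERS and are not covered by this check.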
Analysis by Mihai Calota
Last update 15 February 2019