cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Souradip
Level 7
Report Inappropriate Content
Message 1 of 2
‎08-23-2019 09:19 PM

Keyloggers

What's the meaning of

" containing the directory "        

" Intended to contain directory  "

Terminology. 

I am giving link

https://norfolkinfosec.com/tag/hsmbalance-exe/

 

And how can it saves keylog and screenshot to

Appdata/local/temp folder ????

0 Kudos
Reply
1 Reply
dvarnell
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2
‎09-03-2019 02:13 PM

Re: Keyloggers

Hi Souradip,

 

It appears that the "C:\Windows\Temp\TMP0389A.tmp" file is a plain text file which contains the path to the following:

 

"%temp%\GoogleChrome"

 

As the article describes, the malware uses a combination of Windows APIs and code similar to what is found in some "open-source screengrabbing code," which appears to be primarily used for "benign screen-sharing package."

 

We have detection for these files as follows:

26466867557f84dd4784845280da1f27 -  PS/Agent.x

d45931632ed9e11476325189ccb6b530 -  RDN/Generic PWS.y

34404a3fb9804977c6ab86cb991fb130 - RDN/Generic.grp

 

I hope this helps!

 

0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC