A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4129  by EP_X0FF
 Fri Dec 24, 2010 3:22 pm
It's works like primitive keylogger. All keylogged strokes stored in syss.txt, it is able to determine if they were typed in WordPad or Notepad for example.
At least it is not really wanted software with silent auto-running through HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
It's build with help of some sort Multimedia runtime from http://www.clickteam.com/website/usa.

Constantly connects with 174.5.4.6:1152