Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Riskware-P2P.Astrisk-Key Analysis Report
Threat Submitted On: 12/7/2007 8:50:33 AM
Threat Analysed On: 12/7/2007 1:50:33 PM
Threat Updated On: 1/27/2011 7:39:17 PM
Type : Riskware
Symptoms of Astrisk-Key
  • Legitimate application that can be misused by hackers by opening up ports for remote administration and to start and stop critical system services to compromise system security.
  • This program may be used to infect other machines and steal or damage critical system data, besides other spiteful purposes
Alias : Riskware-P2P.Astrisk-Key
Md5 Hash : [becb55cc41f92c98b562e1cce343ca29]
File Size : (686545 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Delete the following Files to remove Infection
File: acckey.exe
Path : %programfiles%\passware\demos

Md5Hash :23f25228031ae180745e7a526bf6eb57 ( 331776 bytes)
File: pk.chm
Path : %programfiles%\passware\demos

Md5Hash :fe6d7c5ddfdc92b32462e9f3963c2188 ( 51220 bytes)
File: unwise.exe
Path : %programfiles%\passware\demos

Md5Hash :ac5ba5f707b865e36d9fb751b41dbc63 ( 76941 bytes)
File: access key demo.lnk
Path : %userprofile%\start menu\programs\passware

Md5Hash :ce8c79908498c4583eb890cf2614335a ( 795 bytes)
Also creates the following files on user's System which are also created by Genuine Software :-
These file(s) can be kept as they are also created by genuine Software.
File : sn_inst.dll
Path : %systemdrive%\temp

Md5Hash :( bytes)
File : [randomname].exe
Path : %workingdir%

Md5Hash :becb55cc41f92c98b562e1cce343ca29 ( 686545 bytes)
Creates the following child process(s) on execution:



Creates the Following MUTEX(s) on user's System:-
msident logon
c:_documents and settings_spyeraser_local settings_application data_identities_{e9eb7274-d079-40ae-a5
Copies the Following Files to Given Location :-

Copies :%systemdrive%\temp\mps25.tmp

To : %userprofile%\application data\microsoft\address book\spyeraser.wab~

Moves the Following Files to Given Location :-
Moves :%systemdrive%\temp\~glh0000.tmp
To : %systemdrive%\temp\glfb.tmp
Moves :%systemdrive%\temp\~glh0001.tmp
To : %systemdrive%\temp\license.txt
Moves :%systemdrive%\temp\~glh0002.tmp
To : %systemdrive%\temp\sn_inst.dll
Moves :%programfiles%\passware\demos\~glh0003.tmp
To : %programfiles%\passware\demos\unwise.exe
Moves :%programfiles%\passware\demos\~glh0004.tmp
To : %programfiles%\passware\demos\acckey.exe
Moves :%programfiles%\passware\demos\~glh0005.tmp
To : %programfiles%\passware\demos\pk.chm


1. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
2. %userprofile% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
3. %systemdrive% Refers to the windows System drive folder. By default it is 'C:\'
4. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.

Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.