{
	"id": "9947e53c-0423-4d72-85e8-8e5368d486e0",
	"created_at": "2026-04-06T00:10:27.488451Z",
	"updated_at": "2026-04-10T13:11:30.208967Z",
	"deleted_at": null,
	"sha1_hash": "f5efc2844ba4966c5ccf5891c965630c887a234d",
	"title": "CVE-2010-2568 keylogger Win32/Chymine.A",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59011,
	"plain_text": "CVE-2010-2568 keylogger Win32/Chymine.A\r\nArchived: 2026-04-05 23:08:12 UTC\r\n CVE-2010-2568 - Win32/Chymine.A \r\nWindows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2,\r\nand Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF\r\nshortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild\r\nin July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA\r\nsystems\r\nDownload bin.exe as a password protected archive  (contact me if you need the password)\r\nESET New malicious LNKs: here we go…\r\n\"At the time of analysis, this threat downloads and install a key stroke logger which we detect as\r\nWin32/Spy.Agent.NSO trojan.  The server used to deliver the components used in this attack is\r\npresently located in the US, but the IP is assigned to a customer in China. \"\r\nF-Secure Win32/Chymine-A\r\nResult: 30/41 (73.18%)\r\nhttp://www.virustotal.com/analisis/96ec6dc227b3110807d1dd183e802aa4f1271f79cdeaa50e9172065fd5c311f2-1280489604\r\nAntivirus Version Last Update Result\r\nAhnLab-V3 2010.07.30.00 2010.07.29 Dropper/Win32.Chymine\r\nAntiVir 8.2.4.32 2010.07.30 TR/Dldr.Tiny.cmq\r\nAntiy-AVL 2.0.3.7 2010.07.30 Trojan/Win32.Tiny.gen\r\nAvast 4.8.1351.0 2010.07.30 Win32:Malware-gen\r\nAvast5 5.0.332.0 2010.07.30 Win32:Malware-gen\r\nAVG 9.0.0.851 2010.07.30 PSW.Generic8.GRF\r\nBitDefender 7.2 2010.07.30 Trojan.Autorun.ATB\r\nComodo 5586 2010.07.30 TrojWare.Win32.AntiAV.~G\r\nDrWeb 5.0.2.03300 2010.07.30 Trojan.KeyLogger.8141\r\nEmsisoft 5.0.0.34 2010.07.30 Trojan-Downloader.Win32.Tiny!IK\r\nF-Secure 9.0.15370.0 2010.07.30 Trojan-Spy:W32/Chymine.A\r\nFortinet 4.1.143.0 2010.07.30 W32/Tiny.CMQ!tr.dldr\r\nGData 21 2010.07.30 
Trojan.Autorun.ATB\r\nIkarus T3.1.1.84.0 2010.07.30 Trojan-Downloader.Win32.Tiny\r\nJiangmin 13.0.900 2010.07.29 TrojanSpy.KeyLogger.cqyg\r\nKaspersky 7.0.0.125 2010.07.30 Trojan-Downloader.Win32.Tiny.cmq\r\nMcAfee 5.400.0.1158 2010.07.30 Generic Downloader.x!eas\r\nMcAfee-GW-Edition 2010.1 2010.07.30 Heuristic.BehavesLike.Win32.CodeInjection.H\r\nMicrosoft 1.6004 2010.07.30 Trojan:Win32/Chymine.A\r\nNOD32 5325 2010.07.30 Win32/Spy.Agent.NSO\r\nnProtect 2010-07-30.02 2010.07.30 Trojan.Autorun.ATB\r\nPanda 10.0.2.7 2010.07.29 Trj/ChymineLNK.A\r\nPCTools 7.0.3.5 2010.07.30 Net-Worm.SillyFDC\r\nRising 22.58.04.05 2010.07.30 Trojan.Win32.Generic.52214029\r\nSophos 4.56.0 2010.07.30 Mal/Chymin-A\r\nSunbelt 6663 2010.07.30 Trojan.Win32.Generic!BT\r\nSymantec 20101.1.1.7 2010.07.30 W32.SillyFDC\r\nVBA32 3.12.12.7 2010.07.30 Trojan-Downloader.Tiny.cmq\r\nViRobot 2010.7.30.3963 2010.07.30 Trojan.Win32.S.Downloader.131584\r\nVirusBuster 5.0.27.0 2010.07.29 Trojan.DL.Tiny.DPT\r\nAdditional information\r\nFile size: 131584 bytes\r\nMD5...: 3515b1f2ae991fcd64ff4e3b664625c0\r\nSource: http://contagiodump.blogspot.com/2010/07/cve-2010-2568-keylogger-win32chyminea.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"http://contagiodump.blogspot.com/2010/07/cve-2010-2568-keylogger-win32chyminea.html"
	],
	"report_names": [
		"cve-2010-2568-keylogger-win32chyminea.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434227,
	"ts_updated_at": 1775826690,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f5efc2844ba4966c5ccf5891c965630c887a234d.pdf",
		"text": "https://archive.orkl.eu/f5efc2844ba4966c5ccf5891c965630c887a234d.txt",
		"img": "https://archive.orkl.eu/f5efc2844ba4966c5ccf5891c965630c887a234d.jpg"
	}
}