Trojan:JS/GuLoader - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:JS/GuLoader
Classification:
Type: Trojan
Platform: JS
Family: GuLoader
Detection Type: Concrete (known malware family with identified signatures)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), JavaScript platform, family GuLoader

Summary:

Trojan:JS/GuLoader is a malicious JavaScript downloader that fetches and executes secondary malware payloads from remote sources, often reached through shortened URLs such as tinyurl.com links. It manipulates the file system and uses Windows APIs to achieve persistence and to run additional, potentially high-impact threats such as ransomware or information stealers.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - MSVBVM60.DLL (PEHSTR_EXT)
 - exe" -Destination (MACROHSTR_EXT)
 - ('.'+'/sw"&CHAR(46)&"exe')") (MACROHSTR_EXT)
 - ttps://tinyurl.com/y5dsc4ag (MACROHSTR_EXT)
 - Urinvejssygdommenes.Sig (PEHSTR_EXT)
 - Uninstall\Eliderede (PEHSTR_EXT)
 - Ablatives\Eyesight.ini (PEHSTR_EXT)
 - Software\Spionkameraet (PEHSTR_EXT)
 - entohyal spaulder.exe (PEHSTR_EXT)
 - UY.kO}s' (SNID)
 - fllesbrn.txt (PEHSTR_EXT)
 - Yderredens102.Kan (PEHSTR_EXT)
 - blinkenberg.txt (PEHSTR_EXT)
 - civilisable\Enterococci143 (PEHSTR_EXT)
 - mesalliancers\Seksaaringen (PEHSTR_EXT)
 - chego\reverensens (PEHSTR_EXT)
 - Scripting.FileSystemObject (PEHSTR_EXT)
 - \flKknkUR6B3JMPQjtG45 (PEHSTR_EXT)
 - Uninstall\PDF_Reader (PEHSTR_EXT)
 - CreateFileMappingA(i r5, i 0, i 0x40, i 0, i 0, i 0)i.r4 (PEHSTR_EXT)
 - vbsedit.txt (PEHSTR_EXT)
 - SetSecurityDescriptorDacl (PEHSTR_EXT)
 - ExecToLog (PEHSTR_EXT)
 - ShellExecuteExW (PEHSTR_EXT)
 - beam_r.cur (PEHSTR_EXT)
 - beam_rl.cur (PEHSTR_EXT)
 - busy.svg (PEHSTR_EXT)
 - system.ini (PEHSTR_EXT)
 - \something.ini (PEHSTR_EXT)
 - kernel32.dll::RtlMoveMemory(*i r3 r3,i r9,i 4) (PEHSTR_EXT)
 - AsGenIcon.pdb (PEHSTR_EXT)
 - pidgin.exe (PEHSTR_EXT)
 - readme.txt (PEHSTR_EXT)
 - Predeceived.dll (PEHSTR_EXT)
 - Windows\CurrentVersion\Uninstall\Spontanisternes54\Konsistensernes\Sanktionsfaststtelser (PEHSTR_EXT)
 - Software\Driftsbygningen\Polycitral (PEHSTR_EXT)
 - Software\Garantibetalingernes\Hygienise (PEHSTR_EXT)
 - Simple.png (PEHSTR_EXT)
 - SimpleColor.dll (PEHSTR_EXT)
 - CreateFileMappingW(i r2, i 0, i 0x40, i 0, i 0, i 0)i.r3 (PEHSTR_EXT)
 - Classic.png (PEHSTR_EXT)
 - Decolorising6.dat (PEHSTR_EXT)
 - English.tips (PEHSTR_EXT)
 - MDT2DFX.DLL (PEHSTR_EXT)
 - (i 0,i 0x100000, i 0x3000, i 0x40)p.r3 (PEHSTR_EXT)
 - CommonFilesDir (PEHSTR_EXT)
 - C:\Program Files (PEHSTR_EXT)
 - COPYING.txt (PEHSTR_EXT)
 - wininit.ini (PEHSTR_EXT)
 - unknowndll.pdb (PEHSTR_EXT)
 - unhailed\Bygrnsernes.lnk (PEHSTR_EXT)
 - Boilermaker129.sag (PEHSTR_EXT)
 - brdfrugttrers\reggio.ini (PEHSTR_EXT)
 - blommestenenes\upflows.ini (PEHSTR_EXT)
 - nulpunktsgennemgange\claywares\Pagedom (PEHSTR_EXT)
 - blamability.dat (PEHSTR_EXT)
 - kernel32::SetComputerNameA(t 'artisternes') (PEHSTR_EXT)
 - Software\aflbsbrndenes\Orexis (PEHSTR_EXT)
 - DllUnregisterServer (PEHSTR_EXT)
 - Pruritus\Unhuskable\Opgrelser.Sty (PEHSTR_EXT)
 - Sangeres\Tredveaarsdages\Automatteorien.ini (PEHSTR_EXT)
 - Besvrliggrelserne\Pixiness.Inv (PEHSTR_EXT)
 - Alumin\Studieglds\Statsamternes\Nonegregiousness.ini (PEHSTR_EXT)
 - Nringsmaterialernes229.ini (PEHSTR_EXT)
 - Skibsvrftets\Featherfoil.ini (PEHSTR_EXT)
 - Harmoniserings\Compassment3.lnk (PEHSTR_EXT)
 - Panthea\Binoculars\afslutningens\Handelshindringerne.Unf141 (PEHSTR_EXT)
 - Unmullioned\Uanmeldte\Nordamerikansk\Knogleledets.ini (PEHSTR_EXT)
 - rkkehusets\Nyttet\Galoping.Kno (PEHSTR_EXT)
 - Blreroden\Kernereaktorens.dll (PEHSTR_EXT)
 - Pureen\Netti\Pyloralgia.dll (PEHSTR_EXT)
 - isbjergets\brandinspektrerne\regnens (PEHSTR_EXT)
 - Laurbrkransene.pri (PEHSTR_EXT)
 - Svelningers.ini (PEHSTR_EXT)
 - opfrelses\tippelad\generalinders (PEHSTR_EXT)
 - germayne.txt (PEHSTR_EXT)
 - \Knoxvillite\Loosened\Afgaaet\Trkkerens (PEHSTR_EXT)
 - \Recostumed\Nikkelheftedes (PEHSTR_EXT)
 - Slippes2.lnk (PEHSTR_EXT)
 - Lnkontos.Dew (PEHSTR_EXT)
 - thirdness\Transphysical\burhne.dll (PEHSTR_EXT)
 - Uninstall\Cerviciplex (PEHSTR_EXT)
 - Weathergleam\Tidsskriftsbiblioteket.STY (PEHSTR_EXT)
 - Agedly\BALISTRARIA\Nudelsuppe.ini (PEHSTR_EXT)
 - Detektivarbejders\Preaggravate\Feoffee.und (PEHSTR_EXT)
 - Exship59\optrnende.dll (PEHSTR_EXT)
 - Baandskifternes\protohistorian\Knuses187 (PEHSTR_EXT)
 - socialbegivenheden\hallucinationers.dll (PEHSTR_EXT)
 - physophore\straedet.ini (PEHSTR_EXT)
 - Gulvhjderne149\helsilkes.ini (PEHSTR_EXT)
 - Finanslovforslagets\Erholdelige (PEHSTR_EXT)
 - Skibsprovianteringshandlerens\Klapstol\Svenskekonger\Aasmund.ini (PEHSTR_EXT)
 - Plovers\Berigninger.Iar (PEHSTR_EXT)
 - Diskjockey\Clavariaceae\Spruciest\Investeringspolitikken.Eat (PEHSTR_EXT)
 - Flugtsikreste\Skabiosernes\knystet\Sfrers.Har (PEHSTR_EXT)
 - Stater Bros. Holdings Inc. (PEHSTR_EXT)
 - Viacom Inc (PEHSTR_EXT)
 - kundebrevet.exe (PEHSTR_EXT)
 - Dreyer's Grand Ice Cream, Inc. (PEHSTR_EXT)
 - Lennox International Inc. (PEHSTR_EXT)
 - Kellogg Company (PEHSTR_EXT)
 - Barnes & Noble, Inc. (PEHSTR_EXT)
 - invigilate havearkitekter.exe (PEHSTR_EXT)
 - Montricerne.Ben (PEHSTR_EXT)
 - Software\Procentuelles232\Frafaldsprocents\Forarbejdendes\Inceration (PEHSTR_EXT)
 - Kommunikationsfirmaet\Gldstningers.ini (PEHSTR_EXT)
 - Intercalm\Kommunikationsteknisk\Shauling\Stddmpers.Non (PEHSTR_EXT)
 - Vederheftigheden\Medeas\Malignment\Cullionry (PEHSTR_EXT)
 - ejdendes\Inceration (PEHSTR_EXT)
 - \unproselyte\besparelses (PEHSTR_EXT)
 - 6\Prefigure.emu (PEHSTR_EXT)
 - \stemmespildskampagnes.una (PEHSTR_EXT)
 - mellemteksten.exe (PEHSTR_EXT)
 - FileOperator.exe (PEHSTR_EXT)
 - ODControl.dll (PEHSTR_EXT)
 - OpenSSL-License.txt (PEHSTR_EXT)
 - SetupAURACreator.exe (PEHSTR_EXT)
 - ationalitetsmrket\isonomic\Subtersuperlative\Vehftets\skybanken.emp (PEHSTR_EXT)
 - skybanken.emp (PEHSTR_EXT)
 - screamed rumbaing sootish (PEHSTR_EXT)
 - klassifikationen.Sur (PEHSTR_EXT)
 - mediative\prioriteterne\smuglings (PEHSTR_EXT)
 - beklages.lnk (PEHSTR_EXT)
 - Besaetter\Propagandism.Ens (PEHSTR_EXT)
 - bassetternes.for (PEHSTR_EXT)
 - upstay.fac (PEHSTR_EXT)
 - septenarii\pelsbereder\sammenfatningen (PEHSTR_EXT)
 - suderne.fas (PEHSTR_EXT)
 - stratificerendes.hen (PEHSTR_EXT)
 - Partaker195.est (PEHSTR_EXT)
 - merinould.mon (PEHSTR_EXT)
 - fraadserierne.rip (PEHSTR_EXT)
 - skatkammer.opt (PEHSTR_EXT)
 - underskriftindsmlinger.man (PEHSTR_EXT)
 - Nonsuccour.whi (PEHSTR_EXT)
 - Elokvent.hal (PEHSTR_EXT)
 - Forgring.sam (PEHSTR_EXT)
 - krebanens\Antianaphylactogen18 (PEHSTR_EXT)
 - -\almacen\forskansning\attributvrditildelings (PEHSTR_EXT)
 - %fringer%\metoderne\symphonist (PEHSTR_EXT)
 - 99\galtrap\fraskrevne.ini (PEHSTR_EXT)
 - noncertainty\sandarter (PEHSTR_EXT)
 - Minigrants152.txt (PEHSTR_EXT)
 - subconsulship begramsedes.exe (PEHSTR_EXT)
 - amygdale\Uinitialiseret\restriktivitetens (PEHSTR_EXT)
 - #\Selvhjtidelig\calodemonial.ini (PEHSTR_EXT)
 - \megaara.Cer (PEHSTR_EXT)
 - Software\Shrilling221\melanemia (PEHSTR_EXT)
 - 99\Dkvingernes88\malaga (PEHSTR_EXT)
 - #\afsindigstes\physitheism\altingsmedlemmet (PEHSTR_EXT)
 - indefensibly\antiatomkampagnen (PEHSTR_EXT)
 - Levnedsmiddelet.hyd (PEHSTR_EXT)
 - vejningers.jpg (PEHSTR_EXT)
 - Software\replaster\uninterpleaded (PEHSTR_EXT)
 - Recants\kirsebrsten\rhesuspositiv (PEHSTR_EXT)
 - 99\multiplicere\mortify.Pun (PEHSTR_EXT)
 - $$\Grecianize\turritellidae.ini (PEHSTR_EXT)
 - %Undergrundsbane%\Akkusativobjekterne.Tan (PEHSTR_EXT)
 - mechanicalizations.bla (PEHSTR_EXT)
 - regalers.jpg (PEHSTR_EXT)
 - \Lividities\indlaegger\noncapillaries (PEHSTR_EXT)
 - 88\Disrespective\mouseweb.sup (PEHSTR_EXT)
 - 7\caryophyllene.bac (PEHSTR_EXT)
 - %Farcicality115%\venus (PEHSTR_EXT)
 - \bearnaisens\lejen.mac (PEHSTR_EXT)
 - kolonialt billedtppet.exe (PEHSTR_EXT)
 - 5\bedvelsens\Reaccelerates.ske (PEHSTR_EXT)
 - loddebolt\Newsdealers (PEHSTR_EXT)
 - %biosynthesize%\multipartite\sigvard (PEHSTR_EXT)
 - \retskrivningsreglens\domestikvrelses.ini (PEHSTR_EXT)
 - vulgarizer.exe (PEHSTR_EXT)
 - \ashipboard\kellen\knos (PEHSTR_EXT)
 - \Ordbogs\adjudantsnorenes.Ext241 (PEHSTR_EXT)
 - \Mellemmndenes224.ini (PEHSTR_EXT)
 - %vejlednings%\artillerymen\woodhung.pra (PEHSTR_EXT)
 - \gennemtrawles\gastroskopierne.dll (PEHSTR_EXT)
 - \hydranths\Dynamistic.pre (PEHSTR_EXT)
 - \fejltastning\femdobler\quasiparticle (PEHSTR_EXT)
 - 99\inhabilitetssprgsmaalet.tic (PEHSTR_EXT)
 - rekompenseres.jpg (PEHSTR_EXT)
 - unconformity nonimputatively.exe (PEHSTR_EXT)
 - toggler triumvirates.exe (PEHSTR_EXT)
 - charpiet\Summertide245\Anskueligt (PEHSTR_EXT)
 - motatory\Gudmdrene\krematorier (PEHSTR_EXT)
 - %Ineffektiviteterne40%\bejape\Lullet210 (PEHSTR_EXT)
 - %Trabucos%\protestations\unfiendlike (PEHSTR_EXT)
 - \funke\Befolkningsttheders75.kal (PEHSTR_EXT)
 - \Sugeskive140.smu (PEHSTR_EXT)
 - genfremstilles dmringer.exe (PEHSTR_EXT)
 - unstraightened\unpredicable\konstance (PEHSTR_EXT)
 - \dynelfterne\fremmedpolitis.Afk (PEHSTR_EXT)
 - %kajpladserne%\cordies\participerendes.Ann (PEHSTR_EXT)
 - 5\Snespurve.Mys (PEHSTR_EXT)
 - \breathalyze\adults.loc (PEHSTR_EXT)
 - #\Disallowance232\*.vej (PEHSTR_EXT)
 - busseronne.ini (PEHSTR_EXT)
 - vakuumers\sundhedsplejerskers\Skyggerne (PEHSTR_EXT)
 - Ansttelsesplaners\Metalloid205\Septics (PEHSTR_EXT)
 - %unreckingness%\Squelchy\kngtet (PEHSTR_EXT)
 - squilgees.exe (PEHSTR_EXT)
 - \conclusiveness\aflirende\kavaic (PEHSTR_EXT)
 - \didactive\eneprokura.ini (PEHSTR_EXT)
 - kompaktheden\Indfoerelsen126 (PEHSTR_EXT)
 - \majolicas\protonemata\operationsvrelser (PEHSTR_EXT)
 - televaerket\sladdertasker.sti (PEHSTR_EXT)
 - ilfre\indskuds\ (PEHSTR_EXT)
 - antibiotikaforbruget.exe (PEHSTR_EXT)
 - \Faginspektrerne\affugt\dunter (PEHSTR_EXT)
 - \constancy.ans (PEHSTR_EXT)
 - Lbrikkernes46.ini (PEHSTR_EXT)
 - kammerjunkerne.exe (PEHSTR_EXT)
 - flighting redescribes nasioinial (PEHSTR_EXT)
 - dovetailwise.exe (PEHSTR_EXT)
 - \Skolings\Logikkerne101\chirologies (PEHSTR_EXT)
 - synaxar\nonvirtuousness\resaca (PEHSTR_EXT)
 - 5\tilbagedateringernes\Forrevnes229.aff (PEHSTR_EXT)
 - \undertide\bessermachen.ini (PEHSTR_EXT)
 - Flagellants.txt (PEHSTR_EXT)
 - filsti laggards.exe (PEHSTR_EXT)
 - \startparametrets\Anablepses124\Spisebler (PEHSTR_EXT)
 - 99\perturbingly\metaplasis.for (PEHSTR_EXT)
 - \typhemia.atm (PEHSTR_EXT)
 - tvangsfuldbyrder.exe (PEHSTR_EXT)
 - #\Kalkvrksarbejderen84\chego\reverensens (PEHSTR_EXT)
 - supernovas\mesalliancers\Seksaaringen (PEHSTR_EXT)
 - \betrngtes\hockshin.Toe (PEHSTR_EXT)
 - nadvergst.exe (PEHSTR_EXT)
 - infeasibilities aquaduct.exe (PEHSTR_EXT)
 - surmlk screams cisset (PEHSTR_EXT)
 - \Unbeing55\kroer\tingid (PEHSTR_EXT)
 - Bosteder5.soc (PEHSTR_EXT)
 - Filstruktur.txt (PEHSTR_EXT)
 - copaline.unc (PEHSTR_EXT)
 - destemper.txt (PEHSTR_EXT)
 - ferske.kap (PEHSTR_EXT)
 - undergivelsens.ini (PEHSTR_EXT)
 - \proctoclysis\rosetan.fis (PEHSTR_EXT)
 - highcourt.exe (PEHSTR_EXT)
 - sandfanget\ophavsretsindehavers\marmorflisens (PEHSTR_EXT)
 - \supervacaneous\forestillingsverdner.col (PEHSTR_EXT)
 - 5\episodernes\Multiscreen.fra (PEHSTR_EXT)
 - %unoratorial%\universitetsforlag (PEHSTR_EXT)
 - #\imprgneringer\Botilla\hjlpefilens (PEHSTR_EXT)
 - grundlovstalens redhandedness.exe (PEHSTR_EXT)
 - Milieubeskyttelsessektorer\Acetylene (PEHSTR_EXT)
 - ts\ekstrafortjenestes.Rke (PEHSTR_EXT)
 - %sitre%\sidsers.Adr (PEHSTR_EXT)
 - vocoded differentieringer.exe (PEHSTR_EXT)
 - \bibliografers.tol (PEHSTR_EXT)
 - \Flimp137 (PEHSTR_EXT)
 - levnets\semireflexively (PEHSTR_EXT)
 - \Desertioner\uskikken.gif (PEHSTR_EXT)
 - \aandsevner\natricinae.ini (PEHSTR_EXT)
 - macrosymbiont.exe (PEHSTR_EXT)
 - byretsdommeres.exe (PEHSTR_EXT)
 - kirkegange\baltheus\digression (PEHSTR_EXT)
 - Precosmically\multihead (PEHSTR_EXT)
 - %seacross%\solcreme (PEHSTR_EXT)
 - \nooky\Concolour.ini (PEHSTR_EXT)
 - \spermatia (PEHSTR_EXT)
 - yor sebum discreet (PEHSTR_EXT)
 - usikkerhedsmomentets dekodningers.exe (PEHSTR_EXT)
 - \Sybaritism\Underprikkede (PEHSTR_EXT)
 - Skemalisterne.ini (PEHSTR_EXT)
 - \kontortelefon\octaval.jpg (PEHSTR_EXT)
 - Forceps\restigmatises\Torrence (PEHSTR_EXT)
 - \Delegerets144\dampningerne.kil (PEHSTR_EXT)
 - \enterorrhea\outtake.upf (PEHSTR_EXT)
 - %typebetegnelsers%\chlorinator\fogedretterne (PEHSTR_EXT)
 - kunstgdningers orkestergraven.exe (PEHSTR_EXT)
 - Atrierne\Uninstall\Cashewnddernes29\unsummarisable (PEHSTR_EXT)
 - \amphithalamus\indkaldelsesdagene.dll (PEHSTR_EXT)
 - \calendarial\wabblingly.Uno (PEHSTR_EXT)
 - %transportmidlets%\beskuelses.mar (PEHSTR_EXT)
 - licans voldelighederne.exe (PEHSTR_EXT)
 - Knight-Ridder Inc. (PEHSTR_EXT)
 - Medtronic Inc. (PEHSTR_EXT)
 - Comfort Systems USA Inc. (PEHSTR_EXT)
 - unreworded demimondn.exe (PEHSTR_EXT)
 - yarmelke gaunt.exe (PEHSTR_EXT)
 - \exulding\genrebestemmelses (PEHSTR_EXT)
 - Bifloderne90.ini (PEHSTR_EXT)
 - thelmas.exe (PEHSTR_EXT)
 - Burlington Resources Inc. (PEHSTR_EXT)
 - Landstar System Inc. (PEHSTR_EXT)
 - fiendliness horrorful.exe (PEHSTR_EXT)
 - \repetrpr\tabloidavis\portsmouth (PEHSTR_EXT)
 - -\betagelsers\stifinderens.jpg (PEHSTR_EXT)
 - %blgede%\hummeres\unsad (PEHSTR_EXT)
 - 7\fylke\scaphocerite.txt (PEHSTR_EXT)
 - fum espavel.exe (PEHSTR_EXT)
 - \Activate\Cannibalization\Distractible (PEHSTR_EXT)
 - konebytningens\purismen\pygmaean (PEHSTR_EXT)
 - %Azoturia%\lumina (PEHSTR_EXT)
 - animhdr vicevrtens.exe (PEHSTR_EXT)
 - Siliciumets\trykketeknikkerne\livsforsikringens (PEHSTR_EXT)
 - %Pseudoanatomic%\Krocket22 (PEHSTR_EXT)
 - 5\Snorkel.Eve (PEHSTR_EXT)
 - semicollegiate.exe (PEHSTR_EXT)
 - dolcan.exe (PEHSTR_EXT)
 - Regions Financial Corp. (PEHSTR_EXT)
 - amalgameret.exe (PEHSTR_EXT)
 - guiltiest.exe (PEHSTR_EXT)
 - tvangsrutens inversions.exe (PEHSTR_EXT)
 - \planular\undervisningsomraadets (PEHSTR_EXT)
 - \Fermenteret156\occlusocervical (PEHSTR_EXT)
 - honoreredes.aut (PEHSTR_EXT)
 - \Cathy\*.bin (PEHSTR_EXT)
 - %muggery%\Oxygens\Fletfilen (PEHSTR_EXT)
 - \enevrelser.ini (PEHSTR_EXT)
 - Allied Waste Industries, Inc. (PEHSTR_EXT)
 - formblingen statuses.exe (PEHSTR_EXT)
 - #\briskly\townhouses\Informationsbehandling80 (PEHSTR_EXT)
 - $$\unfrigidness\prsentation.une (PEHSTR_EXT)
 - 88\Bluejelly78\infinituple.tet (PEHSTR_EXT)
 - sovseskeernes\uncompliability\kriteriernes (PEHSTR_EXT)
 - %Unprisonable%\Onomastical\Diskurser.unt (PEHSTR_EXT)
 - Coca-Cola Enterprises Inc. (PEHSTR_EXT)
 - Outback Steakhouse Inc. (PEHSTR_EXT)
 - Maxim Integrated Products Inc. (PEHSTR_EXT)
 - diminishment.exe (PEHSTR_EXT)
 - angionoma.exe (PEHSTR_EXT)
 - Parker Hannifin Corp. (PEHSTR_EXT)
 - BMC Software Inc. (PEHSTR_EXT)
 - Federal Mogul Corp. (PEHSTR_EXT)
 - La-Z-Boy Inc. (PEHSTR_EXT)
 - markren gedekiddene.exe (PEHSTR_EXT)
 - stiltifying registertekstens.exe (PEHSTR_EXT)
 - \Raspberry33\Programudviklings (PEHSTR_EXT)
 - %bibeholdtes%\beluredes (PEHSTR_EXT)
 - konometriske\Stilsikre221\tudkoppernes (PEHSTR_EXT)
 - \aadselgravernes\forlberens.jpg (PEHSTR_EXT)
 - Unvenerated.obo (PEHSTR_EXT)
 - gymnotoka.rea (PEHSTR_EXT)
 - Polyphyletic\Wages93 (PEHSTR_EXT)
 - knsrolledebatterne jockeyism (PEHSTR_EXT)
 - malmsey minimumskravet.exe (PEHSTR_EXT)
 - \forsmmelses\galehus (PEHSTR_EXT)
 - \westling\skindhuerne.ini (PEHSTR_EXT)
 - \trykkogeres.gif (PEHSTR_EXT)
 - \Endestationers\Selvbefrugtningernes.ini (PEHSTR_EXT)
 - \Kraftudfoldelser\Corrigibleness.lnk (PEHSTR_EXT)
 - Creephole\Fodpleje\cheminova (PEHSTR_EXT)
 - blindet\Admiralers175 (PEHSTR_EXT)
 - \Magteslsest\outgate.txt (PEHSTR_EXT)
 - %%\nonforfeiture\unslacking.ini (PEHSTR_EXT)
 - %elevskolerne%\unlocalizables\yvette (PEHSTR_EXT)
 - -\groteskes\Pletten113\fldeskummen (PEHSTR_EXT)
 - %shufflingly%\reporterede\Nonnatives (PEHSTR_EXT)
 - \mayorships\Epidemiologiens.ini (PEHSTR_EXT)
 - kulbrinterne aabnemuskels.exe (PEHSTR_EXT)
 - gadekasernens\nonnegligent\supergallantness (PEHSTR_EXT)
 - %stickiest%\christener\udsteningen (PEHSTR_EXT)
 - \sparable.bin (PEHSTR_EXT)
 - hyperbatbata twelvemo (PEHSTR_EXT)
 - hypotheses carbodynamite.exe (PEHSTR_EXT)
 - %reunionism%\billarderne\transpositively (PEHSTR_EXT)
 - converging antenneforeningerne.exe (PEHSTR_EXT)
 - furcula.exe (PEHSTR_EXT)
 - Software\jezail\spurveungernes (PEHSTR_EXT)
 - \plankevrket\petunia (PEHSTR_EXT)
 - anvendelsesformaalenes closeout.exe (PEHSTR_EXT)
 - ferierejsende scruple (PEHSTR_EXT)
 - proffesionelle.exe (PEHSTR_EXT)
 - \Witnessers153\raabte\amuletters (PEHSTR_EXT)
 - commingler dialyses (PEHSTR_EXT)
 - apprizal.exe (PEHSTR_EXT)
 - \arizonians\tollo (PEHSTR_EXT)
 - \pladsholderes\cithrens\monometalism (PEHSTR_EXT)
 - %Testkrslernes%\tehtten (PEHSTR_EXT)
 - menualternativernes.exe (PEHSTR_EXT)
 - \antoni\Kiaugh90\spiralfjedrene (PEHSTR_EXT)
 - sobe aarsbudgettet.exe (PEHSTR_EXT)
 - Servietter\forfends\ecclesiae (PEHSTR_EXT)
 - Tatariskes\gerningers\ (PEHSTR_EXT)
 - Kondicyklens.ini (PEHSTR_EXT)
 - %afviklingstids%\fjerde\driftsomkostnings (PEHSTR_EXT)
 - \rasher\tilfredsstillelsen.jpg (PEHSTR_EXT)
 - %tilst%\skolingsgrupper (PEHSTR_EXT)
 - suppressants\Pythonical\skattepolitiks (PEHSTR_EXT)
 - #\strafudmaalingen\reverent (PEHSTR_EXT)
 - %%\vildttllinger.ini (PEHSTR_EXT)
 - vederheftighederne.exe (PEHSTR_EXT)
 - %isometri%\styrtdykkeren (PEHSTR_EXT)
 - 5\haandarbejdernes\epoxyed.htm (PEHSTR_EXT)
 - infold daekker.exe (PEHSTR_EXT)
 - \fejelistens\ingrossing (PEHSTR_EXT)
 - %manyatta%\displeasurement\Underclutch193 (PEHSTR_EXT)
 - \sandwichmnd\jennets.ini (PEHSTR_EXT)
 - broderparrene.exe (PEHSTR_EXT)
 - \Kobberstikket169\helicograph (PEHSTR_EXT)
 - %mulishness%\Nonleaking.bin (PEHSTR_EXT)
 - dedicerendes sintoism.exe (PEHSTR_EXT)
 - posologic rit.exe (PEHSTR_EXT)
 - \countercriticisms\erector\heltedigtene (PEHSTR_EXT)
 - kommunikationslinier.spr (PEHSTR_EXT)
 - gruffish.exe (PEHSTR_EXT)
 - rhinskes\Terrorregimenternes (PEHSTR_EXT)
 - boretaarnets\myosers (PEHSTR_EXT)
 - %mareridt%\atestine.bin (PEHSTR_EXT)
 - unhospital hydrologisk.exe (PEHSTR_EXT)
 - \sovjetten\privateness (PEHSTR_EXT)
 - %afbildninger%\hovedtj\salably.jpg (PEHSTR_EXT)
 - rhymemaking piltastens.exe (PEHSTR_EXT)
 - floristic opver.exe (PEHSTR_EXT)
 - \unniggard\aggraveringens\abettor (PEHSTR_EXT)
 - magikernes.exe (PEHSTR_EXT)
 - \Landeplager52.Tek (PEHSTR_EXT)
 - Trones.jpg (PEHSTR_EXT)
 - extenso.ini (PEHSTR_EXT)
 - priacanthidae.jpg (PEHSTR_EXT)
 - \Vandlidende.Rug (PEHSTR_EXT)
 - amfibietankenes.exe (PEHSTR_EXT)
 - %antimonopoly%\muscavado\Bustrafik (PEHSTR_EXT)
 - misadjust konfigurationsprogram.exe (PEHSTR_EXT)
 - presubmitting klaustrofobi.exe (PEHSTR_EXT)
 - prcedensens\Barselsorlovernes\retshjlpens (PEHSTR_EXT)
 - %Pointers%\Prevalidly246\Sammenklumpet (PEHSTR_EXT)
 - masturbation lserinderne (PEHSTR_EXT)
 - thakurate.exe (PEHSTR_EXT)
 - disaugment thrummed.exe (PEHSTR_EXT)
 - \contaminations\drillesygeste (PEHSTR_EXT)
 - %rennases%\indocibleness\finansministrenes (PEHSTR_EXT)
 - %sidy%\mygges\Vidneafhringers (PEHSTR_EXT)
 - asellate\Mummery119.exe (PEHSTR_EXT)
 - \bolsjers\Indlsendes.ini (PEHSTR_EXT)
 - \narrene\Karteuser125.dll (PEHSTR_EXT)
 - \udryddet\Bengnaverne53\udturenes (PEHSTR_EXT)
 - skovkanter\bryan\variocuopler (PEHSTR_EXT)
 - %Beadings%\Abdomen\Smirching (PEHSTR_EXT)
 - \interrupter\fotogrammetri.jpg (PEHSTR_EXT)
 - \gorvarehandelen\kendemrkers.htm (PEHSTR_EXT)
 - lighedspunkterne.exe (PEHSTR_EXT)
 - \kringlernes\lumberjacks (PEHSTR_EXT)
 - ismejeri\cordylanthus\suppose (PEHSTR_EXT)
 - %tabers%\afmonterer\dillerdaller (PEHSTR_EXT)
 - \Sprogbrugerne\enerne.txt (PEHSTR_EXT)
 - demokratiernes\horograph\stuporific (PEHSTR_EXT)
 - %thurst%\indsmrer\waldgravine (PEHSTR_EXT)
 - alchemister.exe (PEHSTR_EXT)
 - liggeplads valentino.exe (PEHSTR_EXT)
 - tilstandsform.wal (PEHSTR_EXT)
 - sekularismens.tre (PEHSTR_EXT)
 - immigrationen.jol (PEHSTR_EXT)
 - cindersbanernes.fic (PEHSTR_EXT)
 - outtricking\Detentions\liniefring (PEHSTR_EXT)
 - ekskluderet emendations.exe (PEHSTR_EXT)
 - Sagndannelses.jay (PEHSTR_EXT)
 - Centripetalkraftens151.mul (PEHSTR_EXT)
 - Pulverizes.Kom57 (PEHSTR_EXT)
 - Chunari.Car (PEHSTR_EXT)
 - chiropraxis.kil (PEHSTR_EXT)
 - Itsy.kat (PEHSTR_EXT)
 - \Lasten162\Pulverizes.Kom57 (PEHSTR_EXT)
 - Carnify.jpg (PEHSTR_EXT)
 - Dumpingpriss227.ret (PEHSTR_EXT)
 - chadors.fis (PEHSTR_EXT)
 - ordknappeste.dom (PEHSTR_EXT)
 - recipiomotor.ini (PEHSTR_EXT)
 - \Dims49\kreplan.jpg (PEHSTR_EXT)
 - ryddeligeres.gid (PEHSTR_EXT)
 - \sceptry\decibels\prisklasser (PEHSTR_EXT)
 - \reserveofficerers.jpg (PEHSTR_EXT)
 - \kunstfrdigt.lnk (PEHSTR_EXT)
 - \Cotylophorous\Calvinisten.zip (PEHSTR_EXT)
 - \affutager\bougainvillaeas.ini (PEHSTR_EXT)
 - Prohumanistic1.sil (PEHSTR_EXT)
 - caravanist.mem (PEHSTR_EXT)
 - redaktren.fri (PEHSTR_EXT)
 - \Saddeltags183 (PEHSTR_EXT)
 - \Soveposer\brysthule.txt (PEHSTR_EXT)
 - \Grusgrave191\afgiftsordningernes.zip (PEHSTR_EXT)
 - Pyramidella.enj (PEHSTR_EXT)
 - Sentinelling.occ (PEHSTR_EXT)
 - betingede.pea (PEHSTR_EXT)
 - \Turbojetternes129\saneringsplaner.zip (PEHSTR_EXT)
 - \bemused\halicot (PEHSTR_EXT)
 - \zarinas\aareforfedtningens (PEHSTR_EXT)
 - \Chapelry76.bmp (PEHSTR_EXT)
 - Deklamatorens.tro (PEHSTR_EXT)
 - Suttekludene.rel (PEHSTR_EXT)
 - dumrians.taf (PEHSTR_EXT)
 - prepend.kon (PEHSTR_EXT)
 - \equiomnipotent\vangers.txt (PEHSTR_EXT)
 - ridiculise\tossehovedernes\ (PEHSTR_EXT)
 - \Balloteret.gif (PEHSTR_EXT)
 - \acquent.ini (PEHSTR_EXT)
 - \strandbredders.htm (PEHSTR_EXT)
 - \Visioner\postically.zip (PEHSTR_EXT)
 - \pretrernes\museums.jpg (PEHSTR_EXT)
 - ethylenically\temblors.txt (PEHSTR_EXT)
 - \Mea175.exe (PEHSTR_EXT)
 - \dialogbokse\nedslagtede.txt (PEHSTR_EXT)
 - \uarbejdsdygtiges\godsterminalernes.ini (PEHSTR_EXT)
 - Phenomenalize46.ini (PEHSTR_EXT)
 - \parodi\nonexceptionally.lnk (PEHSTR_EXT)
 - \Venskabsbyernes234\breaths.jpg (PEHSTR_EXT)
 - Godet65.gyt (PEHSTR_EXT)
 - gengldelsers.unf (PEHSTR_EXT)
 - overforsikre.med (PEHSTR_EXT)
 - summeriest.app (PEHSTR_EXT)
 - \surcharges.ini (PEHSTR_EXT)
 - \Snailery\Administrant.ini (PEHSTR_EXT)
 - \knledene.ini (PEHSTR_EXT)
 - \abolitionised\antiendowment.ini (PEHSTR_EXT)
 - \lumberman.ini (PEHSTR_EXT)
 - patchworky\Unbeveled (PEHSTR_EXT)
 - chingma\Uninstall\prerevised\Kadaver67 (PEHSTR_EXT)
 - \art\Pharynges.lnk (PEHSTR_EXT)
 - \plotting\glosserede.dll (PEHSTR_EXT)
 - givingly\Husstv\centrifugalsprederen (PEHSTR_EXT)
 - Beehive\flleshuses\Photopic (PEHSTR_EXT)
 - \inappetence\biplanerne\Kamuflerendes.gif (PEHSTR_EXT)
 - \Nedslaaedes174\statsgarantiens.ini (PEHSTR_EXT)
 - \usselheden\tagpappens.ini (PEHSTR_EXT)
 - \Reinjures\medsendtes (PEHSTR_EXT)
 - \tolvaarsfdselsdagen\festugen (PEHSTR_EXT)
 - \stemmejerns\katodestraalernes.htm (PEHSTR_EXT)
 - \Galactocele.ini (PEHSTR_EXT)
 - Remrkedes.sis (PEHSTR_EXT)
 - Brudfladen.Dra (PEHSTR_EXT)
 - Maleriudstillingerne98.jpg (PEHSTR_EXT)
 - \Ottavas\Kronerne (PEHSTR_EXT)
 - startbogstaver.bin (PEHSTR_EXT)
 - \Brugsklart\dataskrme.lnk (PEHSTR_EXT)
 - \almenhedens (PEHSTR_EXT)
 - \Flokatis58.ini (PEHSTR_EXT)
 - \Divertila (PEHSTR_EXT)
 - \bearer.ini (PEHSTR_EXT)
 - bonkammeraters.fli (PEHSTR_EXT)
 - overordentliges.gul (PEHSTR_EXT)
 - overprsidiets.tin (PEHSTR_EXT)
 - sirki.kue (PEHSTR_EXT)
 - \bagflikninger\mozarab.ini (PEHSTR_EXT)
 - Amalgamernes.txt (PEHSTR_EXT)
 - Endothermous.txt (PEHSTR_EXT)
 - Resultatfelternes.ini (PEHSTR_EXT)
 - Udenrigsredaktrerne.txt (PEHSTR_EXT)
 - femtoneskalaer.nat (PEHSTR_EXT)
 - gargol.jpg (PEHSTR_EXT)
 - incapacitation.man (PEHSTR_EXT)
 - tekrusenes.pro (PEHSTR_EXT)
 - venire.jpg (PEHSTR_EXT)
 - amariterkursus\decaesarize\Eksekverbar (PEHSTR_EXT)
 - Electropotential\Brombrrenes82\Proteles (PEHSTR_EXT)
 - .\Enakteres101.ini (PEHSTR_EXT)
 - #\dommervagts\hypogonadism.jpg (PEHSTR_EXT)
 - %unlavished%\vindue (PEHSTR_EXT)
 - \aigialosauridae\ded.bin (PEHSTR_EXT)
 - \Threskiornithidae\Upaaviseligheden.htm (PEHSTR_EXT)
 - 99\udbredte.gif (PEHSTR_EXT)
 - \Undertrykkelses\bacalao\Bipeltate183 (PEHSTR_EXT)
 - eeyuch\Lithotresis215\tankangrebets (PEHSTR_EXT)
 - 99\onlookers\qoheleth.ini (PEHSTR_EXT)
 - %relabeler%\Pibloktos\uldtrjer (PEHSTR_EXT)
 - -\Opfindsomste.exe (PEHSTR_EXT)
 - \Megapterine109.ini (PEHSTR_EXT)
 - \produktivitet\Galvanopsychic (PEHSTR_EXT)
 - \dowl.txt (PEHSTR_EXT)
 - Opacite.Hom (PEHSTR_EXT)
 - Ddt17.hom (PEHSTR_EXT)
 - arbejdsfunktion.ich (PEHSTR_EXT)
 - kaskades.gle (PEHSTR_EXT)
 - rewrite.whi (PEHSTR_EXT)
 - ubehagelighedernes\Levitate\stoppende (PEHSTR_EXT)
 - %bider%\schnauzers\udviklingshastighedens (PEHSTR_EXT)
 - %monoprogrammings%\erma\undogmatical (PEHSTR_EXT)
 - \Maaneformrkelse.ini (PEHSTR_EXT)
 - \spinderokkes\Gennempletterede.bin (PEHSTR_EXT)
 - \mineralizables\niggerfish\Erhvervslederne (PEHSTR_EXT)
 - \Synaloepha.jpg (PEHSTR_EXT)
 - \halma.ini (PEHSTR_EXT)
 - \bippene\spydspidsens.ini (PEHSTR_EXT)
 - sikkerhedskopierings.jpg (PEHSTR_EXT)
 - \hstmaskine\artificialness.ini (PEHSTR_EXT)
 - molekylrt\skospndets\troposfrens (PEHSTR_EXT)
 - \Frerskab\stningsstrukturens.dll (PEHSTR_EXT)
 - myrialitre\forsvenskendes\falsities (PEHSTR_EXT)
 - %komtessernes%\Overfaintly\mouthpiece (PEHSTR_EXT)
 - bigamists logomancy.exe (PEHSTR_EXT)
 - \gniderierne (PEHSTR_EXT)
 - \medicophysical.txt (PEHSTR_EXT)
 - \rotteflde\anlgsjemedene.exe (PEHSTR_EXT)
 - \philomathy.gif (PEHSTR_EXT)
 - \astmalgernes\jagtbdes.bin (PEHSTR_EXT)
 - \nordeuropiske.exe (PEHSTR_EXT)
 - \elitekorps.dll (PEHSTR_EXT)
 - \kaladana\stablendes.bin (PEHSTR_EXT)
 - Navigabel.jpg (PEHSTR_EXT)
 - bariatrics.ini (PEHSTR_EXT)
 - saloons.exe (PEHSTR_EXT)
 - \Somniloquy158\Dromedarerne39\skidesurt (PEHSTR_EXT)
 - %Tegnomraadet%\overtalelsesevne\uncourtesy (PEHSTR_EXT)
 - caliber.exe (PEHSTR_EXT)
 - Fringing\hovedkortene (PEHSTR_EXT)
 - %asian%\aularian (PEHSTR_EXT)
 - efterbrndere antifoniers.exe (PEHSTR_EXT)
 - elevcentreredes\ramified (PEHSTR_EXT)
 - %onagers%\opholdsstuers\ddslejernes (PEHSTR_EXT)
 - \kemikalies\jamnia.lnk (PEHSTR_EXT)
 - \tjrnekrattet\deheathenize.ini (PEHSTR_EXT)
 - Nonplatitudinously.ene (PEHSTR_EXT)
 - \Roesukkerets23\raught (PEHSTR_EXT)
 - Acetoxyphthalide124.txt (PEHSTR_EXT)
 - Artet45.cat (PEHSTR_EXT)
 - Forskningsprojekters102.jpg (PEHSTR_EXT)
 - Insuppressibility.ini (PEHSTR_EXT)
 - efterbehandlende.jpg (PEHSTR_EXT)
 - veltilfredheden.avl (PEHSTR_EXT)
 - \befallen\Prislags.ini (PEHSTR_EXT)
 - \vandforsyningernes\overobediently\cauboge (PEHSTR_EXT)
 - \nednormeringens\hayburner.ini (PEHSTR_EXT)
 - \bralrende\audings.htm (PEHSTR_EXT)
 - \fewness\hypotesens.dll (PEHSTR_EXT)
 - \Forbigangen162\grundvandsbeskyttelsens.jpg (PEHSTR_EXT)
 - \tndingsnglerne (PEHSTR_EXT)
 - \contignate.lnk (PEHSTR_EXT)
 - Preutilizing49.txt (PEHSTR_EXT)
 - \quippy.txt (PEHSTR_EXT)
 - \vestvggens.htm (PEHSTR_EXT)
 - \style.Nig (PEHSTR_EXT)
 - \threshel\trimellitic.ini (PEHSTR_EXT)
 - Valmuefrs.Ove (PEHSTR_EXT)
 - Afprik.txt (PEHSTR_EXT)
 - Centraliseret.jpg (PEHSTR_EXT)
 - Decarbonylating.ini (PEHSTR_EXT)
 - Tedesca.jpg (PEHSTR_EXT)
 - opbevaringskapaciteternes.txt (PEHSTR_EXT)
 - -\anderledestnkende\convival (PEHSTR_EXT)
 - honeyhearted\Earthslide78\susser (PEHSTR_EXT)
 - 88\Larrup\Accursedly.zip (PEHSTR_EXT)
 - DST Systems, Inc. (PEHSTR_EXT)
 - E.W. Scripps Company (PEHSTR_EXT)
 - rouleauers.exe (PEHSTR_EXT)
 - gradiometer\juloid\sodalithite (PEHSTR_EXT)
 - %harvendes%\lykkeflelsen (PEHSTR_EXT)
 - Bristol-Myers Squibb Company (PEHSTR_EXT)
 - urpremieres.exe (PEHSTR_EXT)
 - \protesen\kendingssignaler (PEHSTR_EXT)
 - \scientolism\oplsningernes.bin (PEHSTR_EXT)
 - %Ordvekslingens%\inadvertant\billardkuglerne (PEHSTR_EXT)
 - Fremtidsforskeren35.ini (PEHSTR_EXT)
 - Quanta Services Inc. (PEHSTR_EXT)
 - pachyglossous.exe (PEHSTR_EXT)
 - registreringsafgiftens xylidine.exe (PEHSTR_EXT)
 - \gehejmeraadernes\Inconscience62 (PEHSTR_EXT)
 - %Club%\Racisten239\ltningens (PEHSTR_EXT)
 - erotic annizettes.exe (PEHSTR_EXT)
 - arealberegningerne knleddet.exe (PEHSTR_EXT)
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Known malware associated with this threat:
Filename: RFQ 6572.js
Hash: c704b08514affc5f1279452cab3907875c3d3fde90dd302c60bfd2db219a56d9
Date: 17/12/2025
Remediation Steps:
Isolate the infected system immediately. Perform a comprehensive antivirus scan to remove all detected threats and check for persistence mechanisms. Block the identified malicious URL (tinyurl.com/y5dsc4ag) at the network perimeter. Due to the nature of loader malware, consider re-imaging the system or restoring from a known clean backup to ensure complete eradication.
=== END REPORT ===
Analysis last updated: 17/12/2025