Trojan:Win32/CryptInject!MSR - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/CryptInject!MSR
Classification:
  Type: Trojan
  Platform: Win32
  Family: CryptInject
  Detection Type: Concrete (known malware family with identified signatures)
  Suffix: !MSR (high-priority threat flagged by Microsoft Security Response)
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: a Trojan (a program that appears legitimate but performs malicious actions) targeting the 32-bit Windows platform, family CryptInject.

VDM Static Detection:
Relevant strings associated with this threat:
Known malware associated with this threat:
  Filename: 美国精料十二月全新思路大全.exe
  SHA-256: a3c25b59d03904e7b450763e5864d933339f2c37c3d52e43f36bc82b417ff9d0
  Date: 16/12/2025
=== END REPORT ===