$ analyze-threat Trojan:Win32/FlyAgent!pz
Trojan:Win32/FlyAgent!pz - Windows Defender threat signature analysis


$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/FlyAgent!pz
Classification:
  Type: Trojan
  Platform: Win32
  Family: FlyAgent
  Detection Type: Concrete (known malware family with identified signatures)
  Suffix: !pz (packed or compressed to evade detection)
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), 32-bit Windows platform, family FlyAgent

VDM Static Detection:
Relevant strings associated with this threat:
 - SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp (PEHSTR_EXT)
 - SOFTWARE\Policies\Microsoft\Windows\Installer\EnableAdminTSRemote (PEHSTR_EXT)
 - net view \\ (PEHSTR_EXT)
 - Local Settings\History\History.IE5\ (PEHSTR_EXT)
 - HARDWARE\DESCRIPTION\System\CentralProcessor\0\ (PEHSTR_EXT)
 -  mci command handling window (PEHSTR_EXT)
 - image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword (PEHSTR_EXT)
 - \a3.ini (PEHSTR_EXT)
 - _And xMe.bat (PEHSTR_EXT)
 - Sky\E\Install\Path (PEHSTR_EXT)
 - on.exe (PEHSTR_EXT)
 - _And DeleteMe.bat (PEHSTR_EXT)
 - Software\FlySky\E\Install\Path (PEHSTR_EXT)
 - \msyianjiup. (PEHSTR_EXT)
 - Microsoft\VBS3.vbs (PEHSTR_EXT)
 - Microsoft\svchcst.exe (PEHSTR_EXT)
 - Microsoft\Config.ini (PEHSTR_EXT)
 - cmd.exe /c del svchcst.exe (PEHSTR_EXT)
 - Start Menu\Programs\Startup\wins.lnk (PEHSTR_EXT)
 - CurrentVersion\Run\360safo (PEHSTR_EXT)
 - \Windows\CurrentVersion\Run\360sofe (PEHSTR_EXT)
 - @Microsoft\Config.ini (PEHSTR_EXT)
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForSoftwarePacking.C!pli (PEHSTR_EXT)
Known malware which is associated with this threat:
=== END REPORT ===
This analysis was last updated on 22/03/2026.