$ analyze-threat Trojan:Win32/FlyAgent!pz
Trojan:Win32/FlyAgent!pz - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/FlyAgent!pz
Classification:
Type: Trojan
Platform: Win32
Family: FlyAgent
Detection Type: Concrete (known malware family with identified signatures)
Suffix: !pz (packed or compressed to evade detection)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions) for the 32-bit Windows platform, family FlyAgent.

VDM Static Detection:
Relevant strings associated with this threat:
 - SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp (PEHSTR_EXT)
 - SOFTWARE\Policies\Microsoft\Windows\Installer\EnableAdminTSRemote (PEHSTR_EXT)
 - net view \\ (PEHSTR_EXT)
 - Local Settings\History\History.IE5\ (PEHSTR_EXT)
 - HARDWARE\DESCRIPTION\System\CentralProcessor\0\ (PEHSTR_EXT)
 -  mci command handling window (PEHSTR_EXT)
 - image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword (PEHSTR_EXT)
 - \a3.ini (PEHSTR_EXT)
 - _And xMe.bat (PEHSTR_EXT)
 - Sky\E\Install\Path (PEHSTR_EXT)
 - on.exe (PEHSTR_EXT)
 - _And DeleteMe.bat (PEHSTR_EXT)
 - Software\FlySky\E\Install\Path (PEHSTR_EXT)
 - \msyianjiup. (PEHSTR_EXT)
 - Microsoft\VBS3.vbs (PEHSTR_EXT)
 - Microsoft\svchcst.exe (PEHSTR_EXT)
 - Microsoft\Config.ini (PEHSTR_EXT)
 - cmd.exe /c del svchcst.exe (PEHSTR_EXT)
 - Start Menu\Programs\Startup\wins.lnk (PEHSTR_EXT)
 - CurrentVersion\Run\360safo (PEHSTR_EXT)
 - \Windows\CurrentVersion\Run\360sofe (PEHSTR_EXT)
 - @Microsoft\Config.ini (PEHSTR_EXT)
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForSoftwarePacking.C!pli (PEHSTR_EXT)
Known malware which is associated with this threat:
=== END REPORT ===
This analysis was last updated on 22/03/2026.