user@threatcheck.sh ~ threat-analysis
bash
$ analyze-threat Trojan:Win32/FraudLoad!pz
Trojan:Win32/FraudLoad!pz - Windows Defender threat signature analysis

Trojan:Win32/FraudLoad!pz - Windows Defender Threat Analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/FraudLoad!pz
Classification:
Type:Trojan
Platform:Win32
Family:FraudLoad
Detection Type:Concrete
Known malware family with identified signatures
Suffix:!pz
Packed or compressed to evade detection
Confidence:Very High
False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 32-bit Windows platform, family FraudLoad

Summary:

This threat is a Trojan from the FraudLoad family, designed to download and install other malicious software, often scareware or rogue security programs. It uses built-in Windows tools (PowerShell, BITS, Rundll32) for execution, establishes persistence via methods like scheduled tasks, and employs API hooking to evade detection.

Severity:
Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Known malware which is associated with this threat:
Filename: x1cc412d5bbe1723ca2332e90eb6f557c4b5a68716cfc.exe
1cc412d5bbe1723ca2332e90eb6f557c4b5a68716cfc10114147dc4a7c847e0b
12/01/2026
VirusTotalDownload Sample
Filename: b8b2c70cc07953bb074c435e454943e8c9a0c61cdcba59a1d666d0fdf4fce824
b8b2c70cc07953bb074c435e454943e8c9a0c61cdcba59a1d666d0fdf4fce824
25/12/2025
VirusTotalDownload Sample
Filename: 0ba338462106d5b37ab31cfd1a988017.exe
31cb03542a162f39f7bf1854bd38089cc7cab44f6114b472eeaa9b424bc99c34
19/12/2025
VirusTotalDownload Sample
Filename: 32f92e03997d4aae7109dcf0473079a07531087f3d7be.exe
32f92e03997d4aae7109dcf0473079a07531087f3d7be62dc9e283e7da3089a6
11/12/2025
VirusTotalDownload Sample
Filename: 5897231203e84a7a0a2dd11c8f40e3a1b81e4bd609367.exe
5897231203e84a7a0a2dd11c8f40e3a1b81e4bd6093675dbc7a129eadd58198d
24/11/2025
VirusTotalDownload Sample
Remediation Steps:
Isolate the affected machine from the network immediately. Run a full antivirus scan to remove all malicious components. Investigate and remove persistence mechanisms like scheduled tasks or startup entries, and change passwords for any accounts used on the device.
=== END REPORT ===
$ reanalyze-threat
This analysis was last updated on 24/11/2025. Do you want to analyze it again?
$ ls available-commands/
→ cd /home
user@threatcheck.sh:~$