user@threatcheck.sh ~ threat-analysis
$ analyze-threat Trojan:Win32/NSISInject!MTB
Trojan:Win32/NSISInject!MTB - Windows Defender threat signature analysis


$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/NSISInject!MTB
Classification:
  Type: Trojan
  Platform: Win32
  Family: NSISInject
  Detection Type: Concrete (known malware family with identified signatures)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions) for the 32-bit Windows platform, family NSISInject.

VDM Static Detection:
Relevant strings associated with this threat:
Known malware which is associated with this threat:
Filename: 10122025_NAKLİYE ÖDEME TAL.10.12.2025_dekont.exe
c63500c846ed488ae3472ddd25cd66fb86de66d7320db4431fb8d1f8c7a1c1fb
11/12/2025
=== END REPORT ===
This analysis was last updated on 11/12/2025.