Trojan:Win32/Znyonm!rfn - ThreatCheck.sh

user@threatcheck.sh ~ threat-analysis

bash

$ analyze-threat Trojan:Win32/Znyonm!rfn

Trojan:Win32/Znyonm!rfn - Windows Defender threat signature analysis

$ cat analysis.txt

=== THREAT ANALYSIS REPORT ===

Threat Name: Trojan:Win32/Znyonm!rfn

Classification:

Type:Trojan

Platform:Win32

Family:Znyonm

Detection Type:Concrete

Known malware family with identified signatures

Suffix:!rfn

Specific ransomware family name

Confidence:Very High

False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 32-bit Windows platform, family Znyonm

VDM Static Detection:

Relevant strings associated with this threat:
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)

Known malware which is associated with this threat:

Filename: 49b7629b41572ef6c7f0f8666d45ded1e2d18609782c3592443786073559fd4f

49b7629b41572ef6c7f0f8666d45ded1e2d18609782c3592443786073559fd4f

08/12/2025

→VirusTotal ↓Download Sample

Filename: PBC_YD10_INV8035360426.zip

e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035

15/11/2025

→VirusTotal ↓Download Sample

Filename: PO# 45821 and 45822.zip

501cce9c9ff55227fcd29f875fedf894032a8cc2e90f1256ecd9ad9f74e8e5bc

15/11/2025