Trojan:Win64/TigerCrypt.A!dha - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win64/TigerCrypt.A!dha
Classification:
Type: Trojan
Platform: Win64
Family: TigerCrypt
Detection Type: Concrete (known malware family with identified signatures)
Variant: A (specific signature variant within the malware family)
Suffix: !dha (caught by dynamic heuristic behavioral analysis)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), 64-bit Windows platform, family TigerCrypt.

Summary:

Trojan:Win64/TigerCrypt.A!dha is a confirmed Trojan targeting 64-bit Windows systems and belonging to the TigerCrypt family. It employs encryption techniques such as XOR and DES, which strongly indicates malicious use such as data obfuscation, exfiltration, or ransomware.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - CryptorInterface@@2 (PEHSTR_EXT)
YARA Rule:
rule Trojan_Win64_TigerCrypt_A_2147916846_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/TigerCrypt.A!dha"
        threat_id = "2147916846"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "TigerCrypt"
        severity = "Critical"
        info = "dha: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "200"
        strings_accuracy = "High"
    strings:
        $x_150_1 = "CryptorInterface@@" ascii //weight: 150
        $x_50_2 = "CryptorXor@@" ascii //weight: 50
        $x_50_3 = "CryptorDES@@" ascii //weight: 50
    condition:
        (filesize < 20MB) and
        (
            ((1 of ($x_150_*) and 1 of ($x_50_*))) or
            (all of ($x*))
        )
}
Known malware associated with this threat:
Filename: c296a7ba8645ef6c06162228ca58618dcdc6f1205aec5680a7f355a53d2a0148.bin
SHA-256: c296a7ba8645ef6c06162228ca58618dcdc6f1205aec5680a7f355a53d2a0148
Date: 22/01/2026
Remediation Steps:
Isolate the affected system immediately, perform a full antimalware scan to remove the threat, and verify system integrity for any persistence mechanisms or additional compromises.
=== END REPORT ===
This analysis was last updated on 22/01/2026.