
Trojan.FlyStudio.CA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 5,127
Threat Level: 80 % (High)
Infected Computers: 16,823
First Seen: December 17, 2012
Last Seen: March 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.FlyStudio.CA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments:
  • Microsoft Corporation
  • RuntimeBroker
Company Name:
  • Microsoft Corporation
  • RuntimeBroker
File Description:
  • HtmlView DLL
  • NewLib DLL
  • Windows host process (Rundll32)
  • 应用程序 (Chinese for "Application")
File Version:
  • 8.9.8.9
  • 1.0.19041.1648
  • 1, 0, 0, 1
Internal Name:
  • HtmlView
  • NewLib
Legal Copyright:
  • © Microsoft Corporation. All rights reserved.
  • RuntimeBroker
  • 版权所有 (C) 2002 (Chinese for "Copyright (C) 2002")
  • 版权所有 (C) 2004 (Chinese for "Copyright (C) 2004")
Original Filename:
  • HtmlView.DLL
  • NewLib.DLL
Product Name:
  • HtmlView Dynamic Link Library
  • Microsoft® Windows® Operating System
  • NewLib Dynamic Link Library
  • RuntimeBroker
Product Version:
  • 8.9.8.9
  • 1.0.19041.1648
  • 1, 0, 0, 1

File Traits

  • big overlay
  • dll
  • HighEntropy
  • MZ (In Overlay)
  • No Version Info
  • x86

Block Information

Total Blocks: 1,361
Potentially Malicious Blocks: 277
Whitelisted Blocks: 1,060
Unknown Blocks: 24

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Bitcoinminer.FD
  • FlyStudio.CA
  • KeyLogger.B
  • Kryptik.DGW
  • Kryptik.NRR
  • Lotok.T
  • Ramnit.AP
  • Trojan.Agent.Gen.AAC
  • Trojan.Downloader.Gen.CG
  • Trojan.Downloader.Gen.DO
  • Trojan.Downloader.Gen.EY
  • Trojan.Downloader.Gen.HL
  • Trojan.Downloader.Gen.HQ

Windows API Usage

Syscall Use:
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
Process Manipulation Evasion:
  • NtUnmapViewOfSection
Process Shell Execute:
  • CreateProcess
Anti Debug:
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f8989a08ba5e7d005611867ebdd53fd305dc9d39_0000262144.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f1b36c02026b13ca5da0578de75a7df13d03709_0000221184.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\08f0e909a8e5924037d3a9b91422b962fc02bab9_0001658880.,LiQMAxHB
