
Trojan.FlyStudio.D

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,868
Threat Level: 40 % (Medium)
Infected Computers: 827
First Seen: July 24, 2009
Last Seen: March 22, 2026
OS(es) Affected: Windows

Aliases

8 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Sophos Troj/Zlobla-Gen
McAfee Puper.dll
Ikarus not-virus:Hoax.Win32.Renos.ei
Fortinet Misc/Zlobla
eWido Not-A-Virus.Hoax.Win32.Renos.ei
ClamAV Trojan.Downloader.Zlob-1358
AVG Generic2.BXK
Avast Win32:Zlob-NO


File System Details

Trojan.FlyStudio.D may create the following file(s):
# File Name MD5 Detections
1. isaddon.dll 71b49ab8f9cbb76406b273df6a83ec6e 0

Analysis Report

General information

Family Name: Trojan.FlyStudio.D
Signature status: No Signature (none of the listed samples carries an Authenticode signature, consistent with the missing security directory noted under PE attributes below)
Naming note: "FlyStudio" is the generic label many antivirus engines apply to binaries built with 易语言 (EPL, Easy Programming Language); one sample's version comments below state that it was written in EPL. The family name therefore describes a build toolchain rather than one codebase, which is why the version strings, packers and dropped files listed below vary so widely between samples.

Known Samples

MD5: 97383ed27b706163fe9b5c8655dfcc2e
SHA1: d7656908f33fa086c2770c7d48239e970fa59280
SHA256: F86CD519CDD69C941FB8F8ED44EC02F9981561CB4F5E7041B452B8ABB5F1F030
File Size: 7.10 MB, 7104000 bytes
MD5: f1b8c0549ea7e582a425b2517ab5b2e8
SHA1: 31795175a97e27cc8e7f49a04e80abc30010240e
SHA256: 1F4B57E854AA3D627976C2DE96B1CE250D98E66D5E0EB6126FBB18738CE245BB
File Size: 1.06 MB, 1064960 bytes
MD5: 2f591530a1abce964f8004ffab53b1bf
SHA1: a2a83b9ce537f1a2590885a34ef7719b53ddc63b
SHA256: E30DFF233AFECA4A87D4FB6D4EC0D9683C4D63EEF3409D3C10C5E325EC7AE7B8
File Size: 8.41 MB, 8409088 bytes
MD5: a2088c55cf23996ac01f4c58bfe6e2b4
SHA1: 130f159c516ac32ea0b12f7921796b214b34491c
SHA256: 633EFF3B26F0C5C29F7A474E07AC58AC143D6E1E43777C0BD99187A0F2432583
File Size: 410.11 KB, 410112 bytes
MD5: 704c54b0631110514a93044d8332e23e
SHA1: ec552a4dd47ce6ace3bf81e14b2fa61573f62b30
SHA256: 1A5E4FCE6203630307ACF2BD5E8AA0D26F06C8E8D730E284B4ECFEC9D145F243
File Size: 1.18 MB, 1179648 bytes
MD5: 6f280d30ef1c0c4aa9ac3aeacca954a6
SHA1: a042f85814c77917379ad06f435b2ca9e0fe19d0
SHA256: 192A7879624985CA2E16FB5251A98EF71A942A14F0BD3DA0902C154E26ACFB80
File Size: 1.66 MB, 1658880 bytes
MD5: 8a5c195cade8b26310502360e3d84f59
SHA1: 99f6582918aab0617fa2c8ee499ebf2b010f89dc
SHA256: 943621E02133C940D7DE4385822A07B83140B755AB37D4B2C9E5566F8C74B4D6
File Size: 475.65 KB, 475648 bytes
MD5: 9fe0080cf3dd65cf5213bb20b25940bd
SHA1: 42bc7874275850ead93f629be25ff7e3322847cc
SHA256: 98B630DC4FAADACF7E68F619312E8DEBC10697101034B62493CF3E2EB4901400
File Size: 1.29 MB, 1286144 bytes
MD5: 0840dfb5be39914ce9c41a34a6671caa
SHA1: b1dc346c7beb9dfea7deb8d349c14c7c3b001293
SHA256: 82DE9D83594CDDB1A589328814DE43C8A46ECD3E39CDE1820D0EE30401BA763A
File Size: 5.01 MB, 5009408 bytes
MD5: d0b7b2c6e626dadc39754e16e6973946
SHA1: 129bae6db241529829f24bbb324f87c479dc75b0
SHA256: B150604C05A8C429E2147607C81C1EFF7A6C7270BA9C59E08223B7A0DCF3FFA1
File Size: 1.41 MB, 1413632 bytes
MD5: 0deb8467d4d02e62d8c5febf2f25736c
SHA1: b4586e52822953e076ce6ed42be734d950266f39
SHA256: CAB37F44B1F6B808D98103CD9611BEAEE252B9B420730C2C237BCCAC0B22FBD6
File Size: 1.70 MB, 1703936 bytes
MD5: d404e4438f0aa41e1972459c0d9fca30
SHA1: e4f0e57dd68762ee84d9088b4c07aeada8392330
SHA256: 7B4EA1382DFF6D6A29C8EDE6F038EDC672242FD9015DBACFE5FCB7F204034DB6
File Size: 1.13 MB, 1130496 bytes

Windows Portable Executable Attributes

The attributes below are the union over all known samples, so contradictory pairs (exports table present and absent, packed and not packed) describe different samples, not a single file.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)


Windows PE Version Information

Version strings are aggregated across the known samples. The "Synaptics Pointing Device Driver" strings belong to the Synaptics.exe written to C:\ProgramData\Synaptics and registered in the Run key (see Files Modified and Registry Modifications below); the remaining entries are the original metadata of assorted EPL-built programs (game trainers, a text-to-speech tool, a database front end) that carry the same generic detection. Chinese strings are translated; author handles, URLs and contact details are left as written.

Name Value
Comments
  • r+ Software Group www.Q1QQ2.com
  • Windows Advanced Power Assistant Management Tool by 有限的未知
  • 修真大陆 (a game title, "Cultivation Continent")
  • This program was written in 易语言 (EPL) (http://www.eyuyan.com)
  • Plants vs. Zombies (non-Game of the Year edition) trainer
  • 疯猫 ("Crazy Cat") Database
Company Name
  • mtohoem
  • r+ Software Group www.Q1QQ2.com
  • Synaptics
  • 北冥
  • 有限的未知
  • 疯猫
File Description
  • Synaptics Pointing Device Driver
  • trafficxia_jicheng
  • Windows Advanced Power Assistant Management Tool by 有限的未知
  • 修真大陆
  • Copy Paste
  • 朗读女 (a text reader) main program
  • Plants vs. Zombies trainer
  • 疯猫 Database V9.2
  • System Resource Program
File Version
  • 9.2.0.0
  • 5.3.0.0
  • 2.5.1.4
  • 1.1.1.11
  • 1.0.0.4
  • 1.0.0.0
Legal Copyright
  • 1. Copyright belongs to the author of this program and its contributors; 2. For personal study and exchange only (non-commercial use); 3. Redistribution without permission is strictly prohibited;
  • DXVM, not original, By: Gao Meinan
  • Copyright held by the author; please respect and use the genuine version
  • 北冥
  • Copyright 有限的未知
  • 朗读女 Copyright (C) 阿嘉. Disclaimer: the copyright holder of this software makes no express or implied warranty regarding the installation or use of this software product and accepts no liability for any theoretical or actual loss arising from its use. For more information visit: http://www.q1qq2.com Contact the author: cctvw0m1@126.com QQ: 1006018660
  • Copyright 疯猫
Product Name
  • Synaptics Pointing Device Driver
  • trafficxia
  • Windows Advanced Power Assistant Management Tool by 有限的未知
  • 修真大陆
  • Copy Paste
  • 易语言 (EPL) program
  • 朗读女
  • 疯猫 Database
  • System Resource Program
Product Version
  • 9.2.0.0
  • 5.3.0.0
  • 2.5.1.4
  • 1.1.1.1
  • 1.0.0.0

File Traits

Traits are likewise the union across samples: some are UPX-packed (".UPX", "UPX!"), others use PECompact v2.20 ("PEC2"), and "No Version Info" applies only to samples that lack the version resources listed above.

  • .UPX
  • 2+ executable sections
  • dll
  • HighEntropy
  • No Version Info
  • packed
  • PEC2
  • PECompact v2.20
  • UPX!
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 1,777
Potentially Malicious Blocks: 352
Whitelisted Blocks: 1,065
Unknown Blocks: 360

Visual Map

[Block-by-block visual map omitted: one marker per analysed block, summarised by the Block Information counts above. Legend as given on the page:]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Bitcoinminer.FD
  • Trojan.Downloader.Gen.CG
  • Trojan.Downloader.Gen.DO
  • Trojan.Downloader.Gen.EY
  • Trojan.Downloader.Gen.HL
  • Trojan.Downloader.Gen.HQ

Files Modified

File Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxab00.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\pfxczvo.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l2\4\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_42bc7874275850ead93f629be25ff7e3322847cc_0001286144 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_42bc7874275850ead93f629be25ff7e3322847cc_0001286144 Synchronize,Write Attributes
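The `._cache_` file written to Downloads above carries, in its name, the SHA-1 42bc7874275850ead93f629be25ff7e3322847cc and a zero-padded size of 1286144 bytes, both of which match one entry in the Known Samples list earlier on this page. The script below is an added example, not code from this page or from any vendor: it turns the page's hash list into an IOC set, parses `._cache_<sha1>_<size>` names, recomputes the hashes of files on disk and reports which indicators each file matches. The temporary directory, the stand-in file contents and the extra SHA-256 passed to the scanner are constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Copied from this page's Known Samples list: SHA-1 -> size in bytes.
KNOWN_SHA1_SIZE = {
    "d7656908f33fa086c2770c7d48239e970fa59280": 7104000,
    "31795175a97e27cc8e7f49a04e80abc30010240e": 1064960,
    "a2a83b9ce537f1a2590885a34ef7719b53ddc63b": 8409088,
    "130f159c516ac32ea0b12f7921796b214b34491c": 410112,
    "ec552a4dd47ce6ace3bf81e14b2fa61573f62b30": 1179648,
    "a042f85814c77917379ad06f435b2ca9e0fe19d0": 1658880,
    "99f6582918aab0617fa2c8ee499ebf2b010f89dc": 475648,
    "42bc7874275850ead93f629be25ff7e3322847cc": 1286144,
    "b1dc346c7beb9dfea7deb8d349c14c7c3b001293": 5009408,
    "129bae6db241529829f24bbb324f87c479dc75b0": 1413632,
    "b4586e52822953e076ce6ed42be734d950266f39": 1703936,
    "e4f0e57dd68762ee84d9088b4c07aeada8392330": 1130496,
}
# SHA-256 values from the same list, lowercased so they compare to hexdigest().
KNOWN_SHA256 = {
    "f86cd519cdd69c941fb8f8ed44ec02f9981561cb4f5e7041b452b8abb5f1f030",
    "1f4b57e854aa3d627976c2de96b1ce250d98e66d5e0eb6126fbb18738ce245bb",
    "e30dff233afeca4a87d4fb6d4ec0d9683c4d63eef3409d3c10c5e325ec7ae7b8",
    "633eff3b26f0c5c29f7a474e07ac58ac143d6e1e43777c0bd99187a0f2432583",
    "1a5e4fce6203630307acf2bd5e8aa0d26f06c8e8d730e284b4ecfec9d145f243",
    "192a7879624985ca2e16fb5251a98ef71a942a14f0bd3da0902c154e26acfb80",
    "943621e02133c940d7de4385822a07b83140b755ab37d4b2c9e5566f8c74b4d6",
    "98b630dc4faadacf7e68f619312e8debc10697101034b62493cf3e2eb4901400",
    "82de9d83594cddb1a589328814de43c8a46ecd3e39cde1820d0ee30401ba763a",
    "b150604c05a8c429e2147607c81c1eff7a6c7270ba9c59e08223b7a0dcf3ffa1",
    "cab37f44b1f6b808d98103cd9611beaee252b9b420730c2c237bccac0b22fbd6",
    "7b4ea1382dff6d6a29c8ede6f038edc672242fd9015dbacfe5fcb7f204034db6",
}
# MD5 of the isaddon.dll entry under File System Details.
KNOWN_MD5 = {"71b49ab8f9cbb76406b273df6a83ec6e"}
# Name pattern of the stager dropped into Downloads: ._cache_<sha1>_<10-digit size>.
CACHE_NAME = re.compile(r"^\._cache_([0-9a-fA-F]{40})_(\d{10})$")

def parse_cache_name(name):
    """Return (sha1, size) from a ._cache_<sha1>_<size> name, or None."""
    m = CACHE_NAME.match(name)
    return (m.group(1).lower(), int(m.group(2))) if m else None

def cache_name_matches_known_sample(name):
    """True when the embedded SHA-1 and size agree with a listed sample."""
    parsed = parse_cache_name(name)
    return parsed is not None and KNOWN_SHA1_SIZE.get(parsed[0]) == parsed[1]

def file_hashes(path):
    """MD5, SHA-1 and SHA-256 hex digests, read in chunks to handle large files."""
    digests = (hashlib.md5(), hashlib.sha1(), hashlib.sha256())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests:
                d.update(chunk)
    return tuple(d.hexdigest() for d in digests)

def scan_directory(root, extra_sha256=frozenset()):
    """Map each matching file name to the list of indicators it matches."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        md5, sha1, sha256 = file_hashes(path)
        reasons = []
        if sha256 in KNOWN_SHA256 or sha256 in extra_sha256:
            reasons.append("sha256 matches known sample")
        if KNOWN_SHA1_SIZE.get(sha1) == path.stat().st_size:
            reasons.append("sha1 and size match known sample")
        if md5 in KNOWN_MD5:
            reasons.append("md5 matches isaddon.dll entry")
        # The stager may be overwritten or truncated before the host is examined;
        # its name alone still says which listed sample was staged here.
        if cache_name_matches_known_sample(path.name):
            reasons.append("._cache_ name encodes a known sample sha1/size")
        if reasons:
            findings[path.name] = reasons
    return findings

def demo():
    """Constructed input: a stand-in stager and a benign file in a temp dir."""
    cache_name = "._cache_42bc7874275850ead93f629be25ff7e3322847cc_0001286144"
    stand_in = b"constructed stand-in bytes, not the real dropped file\n"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / cache_name).write_bytes(stand_in)
        (Path(tmp) / "readme.txt").write_bytes(b"benign\n")
        # Pretend a later report added the stand-in's hash to the IOC set.
        return scan_directory(tmp, frozenset({hashlib.sha256(stand_in).hexdigest()}))

if __name__ == "__main__":
    for name, why in demo().items():
        print(name, "->", "; ".join(why))
```

Running the script prints the findings for the constructed directory; pointing scan_directory at a real Downloads folder or C:\ProgramData\Synaptics uses the page's hashes as they stand. Matching on the cache file name as well as on content matters because the dropped copy can be replaced or truncated by the time a host is examined, while the name still identifies which listed sample was staged.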

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

runas c:\users\user\downloads\._cache_42bc7874275850ead93f629be25ff7e3322847cc_0001286144
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
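Taken together, the Files Modified, Registry Modifications and Shell Command Execution sections describe one chain: a `._cache_` stager in Downloads, Synaptics.exe written to C:\ProgramData\Synaptics through a .tmp file, a Run value named "Synaptics Pointing Device Driver" under Wow6432Node (the samples are 32-bit) pointing at that executable, and the executable relaunched through the runas verb with an InjUpdate argument. The following is an added example, not code from this page or from any vendor, that encodes those observations as detection rules over Sysmon-style events and correlates hits per host. The event schema and every event are constructed; the benign Synaptics path used for contrast on host-b is an assumption, included to show that the rules key on the ProgramData location and the InjUpdate argument rather than on the vendor name.

```python
import re
from collections import defaultdict

# Indicators taken from this page's Files Modified, Registry Modifications and
# Shell Command Execution sections (compared case-insensitively).
DROPPED_EXE = r"c:\programdata\synaptics\synaptics.exe"
DROP_DIR = r"c:\programdata\synaptics" + "\\"
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run$", re.I)
CACHE_RE = re.compile(r"\\downloads\\\._cache_[0-9a-f]{40}_\d{10}$", re.I)

def check_event(ev):
    """Return the names of every rule a single telemetry event trips."""
    hits = []
    kind = ev["type"]
    if kind == "registry_set":
        # Any Run key (HKLM, HKCU, Wow6432Node) whose data points at the dropped file.
        if RUN_KEY_RE.search(ev["key"]) and ev["data"].lower().startswith(DROPPED_EXE):
            hits.append("run_key_to_programdata_synaptics")
    elif kind == "file_create":
        path = ev["path"].lower()
        if CACHE_RE.search(path):
            hits.append("cache_stager_in_downloads")
        if path.startswith(DROP_DIR) and path.endswith(".tmp"):
            hits.append("tmp_file_in_programdata_synaptics")
    elif kind == "process_create":
        image = ev["image"].lower()
        args = ev["cmdline"].split()
        if image == DROPPED_EXE:
            hits.append("programdata_synaptics_exe_started")
            if args and args[-1] == "InjUpdate":
                hits.append("injupdate_argument")
    return hits

def correlate(events):
    """Group rule hits per host; two or more distinct rules on one host is 'high'."""
    per_host = defaultdict(set)
    for ev in events:
        for rule in check_event(ev):
            per_host[ev["host"]].add(rule)
    return {
        host: {"rules": sorted(rules), "confidence": "high" if len(rules) >= 2 else "low"}
        for host, rules in per_host.items()
    }

# Constructed, Sysmon-like events (not captured telemetry). host-a mirrors the
# artifacts on this page; host-b is benign activity sharing the vendor name.
SAMPLE_EVENTS = [
    {"host": "host-a", "type": "file_create",
     "path": r"C:\Users\user\Downloads\._cache_42bc7874275850ead93f629be25ff7e3322847cc_0001286144"},
    {"host": "host-a", "type": "file_create", "path": r"C:\ProgramData\Synaptics\RCXAB00.tmp"},
    {"host": "host-a", "type": "registry_set",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
     "value": "Synaptics Pointing Device Driver",
     "data": r"C:\ProgramData\Synaptics\Synaptics.exe"},
    {"host": "host-a", "type": "process_create",
     "image": r"C:\ProgramData\Synaptics\Synaptics.exe",
     "cmdline": r"C:\ProgramData\Synaptics\Synaptics.exe InjUpdate"},
    {"host": "host-b", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive",
     "data": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"host": "host-b", "type": "file_create", "path": r"C:\Users\user\Downloads\report.pdf"},
    {"host": "host-b", "type": "process_create",
     "image": r"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",  # assumed benign path
     "cmdline": r"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"},
]

if __name__ == "__main__":
    for host, verdict in correlate(SAMPLE_EVENTS).items():
        print(host, verdict["confidence"], ", ".join(verdict["rules"]))
```

The Run-key rule deliberately matches on the data (the executable's location) rather than on the value name, since the "Synaptics Pointing Device Driver" label is exactly what the dropped file borrows; the process rule separately records the InjUpdate argument so a plain start of the dropped executable and its self-relaunch are distinguishable in the output.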
