Trojan.Spy.MSIL

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	1,094
Threat Level:	80 % (High)
Infected Computers:	16,570

First Seen:	December 11, 2012
Last Seen:	May 17, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Spy.MSIL
Signature status:	No Signature

Known Samples

MD5: b223191862e61ec109d862c3f2dd4c09

SHA1: ca53636f6d635d8e9b181425fbb075d9d9830f58

File Size: 139.26 KB, 139264 bytes

MD5: 17ea1f47a1412ffc31fb1f19eb5a4a03

SHA1: 63b69c1c162f870455e857b87ab63df29ea754fa

SHA256: 72C0643D46DC6C1D0121E41DE5EE5F1F8FE2274B90B3AC6B11AFEF08457755A1

File Size: 797.70 KB, 797696 bytes

MD5: 17b1414843133c2577a5ed270c8e3766

SHA1: 941dfb26f3c83a99cc8e22ab1d8b6846d8ab19d2

SHA256: D858364EDEA53D5FC76EAB2F493703DD1EA8B5F9E208442F8A866EB5A185D225

File Size: 4.98 MB, 4984288 bytes

MD5: ffd35f384cbf113e9c7ce552b63d2fba

SHA1: ac9e751656fd2b88481b012182ea453f515a4c6b

SHA256: 62FC8D9B0137FE02A139E14514C5C881C731AA1D24BFB2BEA6E6D376FDAE6F4D

File Size: 9.94 MB, 9935872 bytes

MD5: c984740cc2cbcb88210da1c68e2418a9

SHA1: 1976d3c4e97e564314290e94f0547fb30f99b4f2

SHA256: 898CC657B30682AB01D285E8A1F14DDDEC2C7D671D50E193F77EF75AB70B337B

File Size: 2.33 MB, 2326528 bytes

MD5: c8790b4086a9c4b94e60ecf035b7b28f

SHA1: 0bec1d89d67cb46a25eed11870472e15fa02795f

SHA256: 9AD7F82E405424C49394881A5436EB06184BB86C7033925607F8B134B6237D77

File Size: 920.58 KB, 920576 bytes

MD5: b5ebe504788b986e323d5934f485be4d

SHA1: a63de5de3e5bd6c473426d7a70a81f5eba527407

SHA256: 538C55817952125571271F85FB7A7F68B75DBC73FAEFE31FC722BCBA345682A1

File Size: 5.15 MB, 5146112 bytes

MD5: 9042a37eb495b7d30a92a84e3bdfed29

SHA1: 577906bd5c3d72f4a3f2bfbc46fce44ceb210848

SHA256: 0AB0FA8A2DD6CE31ADB737FF45CBE3227A5143931E2F3214D3A5C6CA5266D57C

File Size: 1.33 MB, 1331719 bytes

MD5: 4e4fa4dfdd28121da51c5e1f74da3d73

SHA1: 11518fa72a7f5b26bb763c25e2f982c48a0d3d53

SHA256: DF09060FCF23BEDDD340FEF9D9B4E9DE30E572D46A732A91A599613CEAC9F261

File Size: 9.76 MB, 9760256 bytes

MD5: be977bb54f509271c219728a8b460577

SHA1: 89d1e8be97bb08c845ffdebea2a68500cd2e8d5b

SHA256: C435C2A972E45865A869AC37C67A34C4962DF3337587958DC064162E11F2852B

File Size: 921.10 KB, 921103 bytes

MD5: d085f72bd343719fb148810d1c8f25fd

SHA1: 89cb89734ed1db270f8ca5753e61aeceda0dd92e

SHA256: 52ABED3BDA70229CFE631E8E31AF9D7A054B2556C349AA250D9C511DA22E97FA

File Size: 1.94 MB, 1943040 bytes

MD5: 174145d9041714cb22e7d7cb7ed8c943

SHA1: a194f6336fbfc23a4c45b8c7e27cd8c0454a087d

SHA256: 4F78CEBB1AC1482DFA9A10C2063FEB55FDC13E0BC4D5D5E265D1F54F1128C52C

File Size: 1.67 MB, 1667584 bytes

MD5: ea4a4549328762db59d63cd20f55879a

SHA1: fe22c52a65d68005ce153c23213cbc3a9c8ab26e

SHA256: 2E047742BAF2F4FAA4CF60E31EC726E564972AB766A0AF026611CDBD0CCE26C8

File Size: 1.59 MB, 1588224 bytes

MD5: 5d63d3ba95f751240b13561391c0ca00

SHA1: 68f1da64dd1878596ed25e10db1256647633b44d

SHA256: 055857C78692EE9427AD440AF0BD4FE157E7B3F63A2C936D2F40264E1B332714

File Size: 65.25 KB, 65248 bytes

MD5: 08240a6f78ec21015e813ee33036247f

SHA1: 320ee811b6b69a63acf86699b88396df7c1e4139

SHA256: F62878D468975F9C54456670319AB77C98297172A68A1A37E4E2B67B3936A1B8

File Size: 236.54 KB, 236544 bytes

MD5: cddc66a0f7e659e3425efa64571b6e40

SHA1: a82e85d82cb37b2ceda40f192fc88173c6867644

SHA256: 48E57A4BF258A8D3221B6827BA01F743A0BA0E5B9BF1FC7F12F1790A1C1667F4

File Size: 8.02 MB, 8017408 bytes

MD5: 3e20bb7202faf6a201d4b0ca4d64b3ab

SHA1: 1cdf5c850fc6b4aa53cbc4f195e46bfe8bf7cb63

SHA256: 2D86E5457DC68EF8B8D5A028EBF2F44795379B50AC99FBFA838B1E1CDDE1BB45

File Size: 2.00 MB, 1999872 bytes

MD5: c502311bcbc5cd985e25903b05267e6f

SHA1: a0afc13de03b3697b13ee18bac406d81d627088c

SHA256: 3BF13E44AFC013ED0F69D50AAC22D876B9872B4C14BC8AAED9716111DBC13993

File Size: 8.06 MB, 8060928 bytes

MD5: 8dd0a2442dc1d5acd7599be87b1dc48c

SHA1: c8c8ce9b0a301f6dbfc718cf372160966f46e884

SHA256: 15D85BD1E7238742510BEB5092CC921E4DA5C4D1A1410E6E49A51C7B2B9F29E8

File Size: 7.65 MB, 7647232 bytes

MD5: e169668bfaa5dedafe0a72dbd7a327ca

SHA1: f09f0ab6b694daf74e473e4cd58fbd7e3bfc07e1

SHA256: FD4D63CCEA6F3946DB58B4AF8DE7D3E5BF0F6A7B3DC5667A460DBCE92FCE58E2

File Size: 1.10 MB, 1099776 bytes

MD5: 360e827bb745021eef5bf06e217c7463

SHA1: 6a27e9a0779ce6c5f376660bef4fa279fffd0a43

SHA256: C54049EE4F57EE18D71CF1F199F9E0115A42C5EA726DBBE5DD448496088357DD

File Size: 922.62 KB, 922624 bytes

MD5: 35ef60c2f80fa97b766caeaee994813c

SHA1: 5781232f3bed78aa4ee82edfba88f688b234fa61

SHA256: 7AB3AD59AFBF730A79EA35AB075D7263E972623248F7AE84FBC16D42F1F28A2E

File Size: 220.67 KB, 220672 bytes

MD5: 8724a4b27d7aa55a0508dc915dae0fb0

SHA1: 568b239ebac8b3c1bf6fcc536b90c2720bdd1ad9

SHA256: 37FA5DFDEE5990865FF5C31C781CB822DF7400C52FAF2E67090D6C1478A07652

File Size: 2.32 MB, 2323723 bytes

MD5: 70dfcadb35f287f6dfb4b1468f1200df

SHA1: 3adff7ac7a5f1dac7ab4ca35757ce5845078fe7a

SHA256: A45C4043C22B98DD529B77E73A416FA4A2811EE546DA7C62CA5A09196FB0AFAA

File Size: 3.82 MB, 3815424 bytes

MD5: a220f3853b58475e83f09de0ea35c432

SHA1: 2f4a2638911e8cfdc4a0f0ced7ba628c488d9592

SHA256: D5D0D7F233B22C3C4FC292AB69CDA1F036FB715F65C00C6D5757A9974F2E8C14

File Size: 1.50 MB, 1504256 bytes

MD5: d80ce8f9fe60834f403e13b049a0c93b

SHA1: 3d491b2742e2dce7c5c5d991db22c87d07f71157

SHA256: 1389A71109DE7437D1468DA7B6AC6A7E6E235F0163E3755BAA50EECD7724F52B

File Size: 530.43 KB, 530432 bytes

MD5: dbeef6a5b9a578a9034252fc97770963

SHA1: 23d35173d4cad10aa584135af18f2f55b82d5254

SHA256: A9C70F5264474075E7C2628B27063A21171D9301C5EE6545125F9C600B21077F

File Size: 2.56 MB, 2562048 bytes

MD5: db03cc7805b0b468fe1dd62d0b70852e

SHA1: 66f9cc626c01e4aa662905fe385aacd08fdf9781

SHA256: E5D86C6B580F8762C458B7FF0FD039B31B483B5AFEC265F7B69A9F998F557EFE

File Size: 2.36 MB, 2362880 bytes

MD5: 191d06712c76c7c8ab07136984dba149

SHA1: 4bf853445e4d87deafb4256fdde97ddab41d9866

SHA256: 74192584EB5666D9AAAD58766E1649F900FE1FDCB1DA28C711D4B518C6C716D4

File Size: 1.84 MB, 1841152 bytes

MD5: 2f0b3851a3b0e9098989f409abf2e3f5

SHA1: 86dc10b16f2678d1560777b95ce8ba71283180d0

SHA256: 9A4485A9EDA0B8A77BF0530613C91429E7EB62F733EE47F29F2B5A5F15368060

File Size: 1.29 MB, 1290240 bytes

MD5: 1c0424aeb4cf21e500d5e1cbb18d30ef

SHA1: 63e46657201ed30c514fac2608f7ac5c81f8d36a

SHA256: C11948DD1362AF210450AA9FCE38B24FC6E4F31DB4D29715A72CC8597788ED93

File Size: 6.03 MB, 6025216 bytes

MD5: a7bac6987dfcad2823bcf8610f3f8c39

SHA1: 2571b9d97947f7032c1ff3290757072d43846587

SHA256: 140F9F4E640B4C2AA4978C5C5784B31C756786E726DE5BB3B5DAA3C66CF9F048

File Size: 5.02 MB, 5022296 bytes

MD5: a3a424dbc576cf2d2a829f9afb40476e

SHA1: 67499e9ffc9dfd400ccf1d9cce6bb15b0c759b72

SHA256: DD9ACCCC5249BD1AA966C9B769286780EA593AB6F10425888BB8CB7BE90E967A

File Size: 7.64 MB, 7642624 bytes

MD5: 70b8932674bfb8d1e3da2e724b527bd6

SHA1: 0296d641420e4249031d43e55e65b9b60102f3c6

SHA256: C013BA0E42BD1B2C55531B957FD34DBA10D05A2C88EA76C4FC26E50F4A201CF9

File Size: 1.63 MB, 1634304 bytes

MD5: 8b3ca8e166799bfff08629a69a0ce478

SHA1: bdf9bfc9830515cc0626ca9e9dd38866d7b799ad

SHA256: 06D4DFE01DAD866A40432782ED64826BFADD23E99B63F12F255FAC1FADA7141D

File Size: 9.64 MB, 9635840 bytes

MD5: ae89f3aaef13790f0be238d2fe3d9d3f

SHA1: b746a7e6a9b7047ebfcf2b058aefdce135babf86

SHA256: C7525C34E25FC29AE394AF1D6F9B0FFA59FAC50C521899CEE80DDAAEC126A496

File Size: 1.94 MB, 1935360 bytes

MD5: d566cc0fa2b98ff6e8ee4d0cc2bf494c

SHA1: 6d30329886795cea3c2a17222655d8d936f77382

SHA256: D9F0E737CCD5B5FE1CD9CB66A719F89B261AB1CCE93FCDC067A35C4757727EBB

File Size: 473.09 KB, 473088 bytes

MD5: 9c67b9825e9c403ec04c4681b9e58168

SHA1: f6cdc2da11cc24a8bc10f1cb98dba45a468e5ee6

SHA256: AA767FEB7373C61532FFA2AD793AA27249C1088F5B8E1FC0E839C60C6094E240

File Size: 2.00 MB, 1995264 bytes

MD5: 2daccff36f2ef686bfc4223928812c4b

SHA1: 36325e65d7611a64392f91f28c4c067e93702d3f

SHA256: CF4EBF57EDCAEC9AA7399D77707020329947ED745F2DF603C57AF5E024F278F6

File Size: 568.83 KB, 568832 bytes

MD5: 87dfc178a2339c30b478c6ca08a2153d

SHA1: 388c5f61810d5ea0e4f5eca0ac069cc3ed49c823

SHA256: 6BF043F044F7756C3410CF19AEACD037965F32851C4496213D152D5D9E5FA466

File Size: 57.86 KB, 57856 bytes

MD5: f4a91426d33dc476881e93ea38612137

SHA1: 3135c2a54000aabc9395e983a4f62c72e470e4f6

SHA256: E9B6A59B1D90A4ADDFA965D78CC0EDF89152A2011738814A87D04951E2544C21

File Size: 1.51 MB, 1514496 bytes

MD5: fe92d74634288bc7f62451b2097df84a

SHA1: c59a2429ebd2cb62f50725c7a853f4b3ac16bad5

SHA256: 624501847F1B10B13DF3402DBF86FE936BED7188A99FA731A7FAC5EB227571DB

File Size: 2.52 MB, 2522624 bytes

MD5: d892b6de14f9bad47e367ebda10d4003

SHA1: e04969f2baecfe2443301fe74e259887dcaca2bf

SHA256: 50B29A30035B1608FDFE3596913CAF320F070153DECEA9CEA972F3736074427C

File Size: 718.34 KB, 718336 bytes

MD5: 0d6b80bbcd3cf706fef2cde45e7e1e5b

SHA1: bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c

SHA256: C9E6696F8AD7065AA2E2339BC396921E41A1E93A25C0A66206E7D3E338E38774

File Size: 6.31 MB, 6309430 bytes

MD5: b831badebaa55eeb0f5bca62fecdcf1c

SHA1: 6ce464aa416d3bd9189d044e058162afe7b857d2

SHA256: EC3F8E99B208A2FA3B42AA526D590E12C066222C197C6DC9532EC39EFF431AA6

File Size: 2.96 MB, 2964992 bytes

MD5: 1142ce8e28897dab86807c94cc059c8d

SHA1: 1aaeb60d24504fd918b9fdd6f9ba7474f106290c

SHA256: 7A66F7C9EA28B9C2353108D7A3BE73048008BD440F910806114B326DD7545B55

File Size: 1.50 MB, 1504768 bytes

MD5: 707e57f5b466c5213afff712d3d6aac9

SHA1: bf54807712e6a12a1b9bef03520c6f837cdc9bab

SHA256: ED335044BE6AEAAD503BB2D2BE70EDEA23123E84F300BD64E9FB0C5A73F4527E

File Size: 5.15 MB, 5153280 bytes

MD5: 230296c6e1d5a0cb79e7cd40c2f42db4

SHA1: 76fdc5cf1e60a8373cc53efb585d44d4084d6516

SHA256: 934F32264A329377BA58894FCA7D1D2B960C31F94761BF9B1068A2B4C621E954

File Size: 1.94 MB, 1943040 bytes

MD5: 8248b958654f21c5d092ab7e62f05eff

SHA1: 11b94b01869cf4d545f77d9cdbb34600d450420d

SHA256: 9A8104845C2075286ACD86C089631649E8B6F1121CFF4A7FDC6B8902FA1FF977

File Size: 1.29 MB, 1294336 bytes

MD5: 6539803a040d63a876bc027d7b0b21fc

SHA1: 7588ed7a39168ee0a6a5c3d773042804d4596a38

SHA256: F831B4A858DB6BDF617DF94B19B7C220D22C163AF205C54F7573B22DC50DC419

File Size: 202.75 KB, 202752 bytes

MD5: f08c8d29bd3e13c3a0426c8d187bfb8a

SHA1: 13a015bfa9009d20f31cfb1d79090e67a8af48d7

SHA256: FB711007615191FC175A94260FCF377A40302BB70510192565082AB26B6BC58D

File Size: 360.48 KB, 360479 bytes

MD5: 6769a26479d04b72bfa40bfd140bc9de

SHA1: fc9e1f17fa172b639050903a65607ffbc069444a

SHA256: ED15E96C6600A9F7DCB10063D1448375DA5B9219D9EF4958C7D3B8C338208C53

File Size: 7.27 MB, 7266816 bytes

MD5: fd508abfea36a4e802b45a6a52495101

SHA1: e840fe746dec9d3321cb7fc39a44373fb53363f5

SHA256: 6EA04358BCA54A2EBB7C730768E101917FE3C317BE606C522705E8929CC3CC76

File Size: 718.34 KB, 718336 bytes

MD5: 799be0dbaeb4204ecf49ff4d3e593ffa

SHA1: 67c522854bfe8441489a695eda2945d9f73b35c3

SHA256: DBDC542B635A0AE8BF013B704369993F4571EE4E936888F82A70D2C4A1CC1713

File Size: 3.83 MB, 3834167 bytes

MD5: b47a96e4a7568cf52fc1bcb5181831e0

SHA1: b6f426fc6ed04b1b970e39c6a62fdcc05f398ca7

SHA256: 1624C8759E9DFDDA883A06D9EB9201FCA2165493E068067F90C088B25B0CE26E

File Size: 7.88 MB, 7879168 bytes

MD5: a35bce35cfba9e85ea2cab8dfc5e9962

SHA1: 00cda6928231dff4cbf3a18ccabe569b588d776b

SHA256: 4C0C48558754FC8EFEBCF9E6EC41A1D0E145FDF2A7F6E76D340E2E7E1BDC2487

File Size: 2.12 MB, 2123776 bytes

MD5: 1a0dfee0a9c9dcb605e9473ef435d61c

SHA1: 3f57e04d3949c0651067e36450d53d92947cc641

SHA256: 740DBF8B5031CA283B25936F46337B80401495C7219947FD6D35BC553E191847

File Size: 631.43 KB, 631433 bytes

MD5: cf271c6fdcc847fce62e9fb918d60ae7

SHA1: cd55b0e814aafb8286819e9ea006d176eae33f7b

SHA256: 45D4D7570F9ED14F02C61D8F4091AF5A87305CB923270D55062FB3DA118F6810

File Size: 1.96 MB, 1963520 bytes

MD5: 5f8fb61521eff85bb034716a8cc66231

SHA1: b1b0b11fb70ab0b57f41bcfa36acc4cfe1200877

SHA256: C0ADACD0352624DC1046E66B4A07BF3D1516310364F8EDEF077585DFAF3C9C9E

File Size: 4.19 MB, 4188160 bytes

MD5: 66a0e4f848bdba8d8c60e988a519f711

SHA1: 1f9bc08b195f768b534bf1498d166022f7914720

SHA256: 87A382BA26EFB86B5860B23B6094F79ABA169DCF1E1FF40A0231750F3836419D

File Size: 623.10 KB, 623104 bytes

MD5: 7531c1219397a53cc6903bdcab0b3033

SHA1: 6682cc62c4e6d512221ecfffc77e594dfedf288a

SHA256: 700D53E7811C19E4A795198F252B8090ADB22F161C0FE3A449D82B779C52E315

File Size: 557.06 KB, 557056 bytes

MD5: 6a23b2088e5e90d6318b8d50c32bbd42

SHA1: 45617fb42d5624a25e948203c83c4f8c69783def

SHA256: 2956D85B41274E90F5CD29637514DDD3E0E74BC68CEC0ABF58CBFCAEF0D451F1

File Size: 1.33 MB, 1328640 bytes

MD5: c40f1e50b513479dbd32e4efffcf8d6f

SHA1: ac62a4d97ae4c2ba1d8b998e79362243f18750b1

SHA256: 29423F715BF9CEE1DA181AAE383E696D4E0CF6C33FC469A56BF8D6509B23C39A

File Size: 150.53 KB, 150528 bytes

MD5: 0e7548dd03b712743390e8c3c9637a7c

SHA1: a822d13cfca0e65526df410028f63ab0c6f8b52e

SHA256: 1D9CE3DB742867F56B7FDFA1C9F210C5D12032179B018173A45AF4D87D066250

File Size: 1.50 MB, 1497088 bytes

MD5: 4b39ae50c91560aa24d23bf99ee40cbf

SHA1: 98122d030f1368c7280e5f03bccfa6851a05c06e

SHA256: 0F890156D00721C74DB5CCB2D50E7AFBA1D64BF3EE89EC36A6BC0C3B6817D093

File Size: 4.33 MB, 4333056 bytes

MD5: e7207192deccc1273fd3490dee61cbee

SHA1: eaba9a6c719da4218dc69f483f0a979a33946755

SHA256: 325EDCA33855252D12378A91DFF508EFB1B9E688DD0D10C3BE8FBAA04FB54C06

File Size: 42.50 KB, 42496 bytes

MD5: 3b7e587bc4eab85e9fc6f8658270b002

SHA1: fa4f1be181e28472e492af9d139aef0b0095ce63

SHA256: BBAD2B2AFFE61DDF469ED7B3C92FC22F150EE8165F8F4B766C2C5F3FC5322646

File Size: 6.72 MB, 6718580 bytes

MD5: 4a0f14223a29d3dcc773a154621b66f7

SHA1: 2e016ef49d18a5166eb78782b52029d8c722b5f6

SHA256: B137C3442EE1C09926801EFB82890D24DF519B17312EA6157503E169ED91B5B3

File Size: 1.30 MB, 1302016 bytes

MD5: 141a1d2c944d59ac65c185f5b38882fa

SHA1: 4d06f1d02a821d35bf680300fc47463c6e720095

SHA256: 32BC6CA0CA77A92A15525A61074F897A52B228B9EB280F49718E5A08F7E765E9

File Size: 1.37 MB, 1374208 bytes

MD5: f4cca7c00e8afdca953eb02e491f3886

SHA1: 794a2186ab7939594fd14f9009ee22500da7a0e6

SHA256: F9DA2FAAC4052AED34079B242F8D0DF912CFAED7769BDFFB92CF9AFF315A87F7

File Size: 73.79 KB, 73792 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

42 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2025.12.18.3 2025.11.11.3 5.4.0.0 5.0.0.0 3.1.0.0 3.0.0.0 2.8.0.0 2.7.0.3 2.7.0.0 2.4.5.0 Show More 2.3.0.0 2.1.24.2128 2.1.0.0 1.5.6.0 1.3.6.9 1.2.3.0 1.2.0.0 1.1.4.0 1.1.1.1 1.1.0.0 1.0.0.0 0.0.0.0
Comments	AREPATOOL A12 Audio Services Update iPhone Activation Tool SpiderPRO The Ultimate Dota 2 Mod Manager - Easily install, manage, and organize your Dota 2 cosmetic mods with a sleek modern interface. The Ultimate Xbox 360 Modding Tool This installation was built with Inno Setup. Wllpaper Engine XCoder ZeroSecurity0 Show More [SM] Launcher For DayZ
Company Name	@ChristianMuhi7 Ardysa AREPATOOL A12 Audio Services Bypass Emulator d3velopersteam.com DDtank World faou.free.bg iSkorpion.com KZ Tecnologia Show More loader OPFlashTool SkyNet A12+ Steamworks, Wallpaper Engine, Inc. Unknown Development Inc. ZeroKnoxRemoval [Server Manager]
File Description	A12 Tool ArdysaModsTools AREPATOOL A12 asdas2dasd Audio Services Auth Black MythWukong BYPASS Bypass Bypass Emulator Show More csrss DayzZona Launcher DDtank World DevTeamPRO A12 Tool FANKAR REG V 1.1 FAOU ACTIVATOR FFH4X MOD DESIRE Fortnite H-Malware Builder V5 HFZ Activator A12+ Premium Horizon iBypass LPro A12+ KZPROG Setup Launcher Dignot Launcher MelhorOT Launcher Mythera Launcher Valdraken loader Mafi Ai Aimbot !! Motov05 myprivatebypass OBS Studio OPFlashTool REYD FREE Sheet Rat SpiderPRO Uid Bypass Loader vison free Wallpaper Engine ZeroKnoxRemoval
File Version	2025.12.18.3 2025.11.11.3 5.4.0.0 5.0.0.0 3.1.0.0 3.0.0.0 2.8 2.7.0.3 2.7.0.0 2.4.5.0 Show More 2.3.0.0 2.1.24.2128 2.1.0.0 1.5.6.0 1.3.3.9 1.2.3.0 1.2.0.0 1.1.4.0 1.1.1.1 1.1.0.0 1.00 1.0.0.0 0.0.0.0
Internal Name	AMARRENEX.exe ArdysaModsTools.dll AREPATOOL A12.exe Audio Services.exe Auth.exe Black MythWukong.exe Bypass.exe Bypass Emulator.dll Cz Ai Aimbot !!.exe DayzZona Launcher.exe Show More DDTank World.exe DevteamproA12.exe FAOU ACTIVATOR.exe H-Malware Builder V5.exe HDN Uid Bypass Loader.exe HeadShoot Storefps.exe HFZ Activator A12+ Premium.exe Horizon.exe i-RTA12.exe iBypass LPro A12+.exe IMMORTAL 1.0.exe Launcher.exe Launcher Dignot.exe Launcher MelhorOT.exe Launcher Mythera.exe Launcher Valdraken.exe loader.dll MainV.exe MicrosoftEdge_X64_121.0.2277.106_121.0.2277.98.exe MotoTool.exe OPFlashTool.exe REYD FREE.exe SAM XX 2.6.8 C#.exe Server.exe SkyNet A12+.exe SolaraBootstrapper.exe SpiderPRO A12+.exe Steal1.exe Steal3.exe TJprojMain TRX PREMIUM 1.0.exe TStool.exe VG Version 3.1.exe VISON FREE.exe Wallpaper32bit.exe winPEAS.exe ZeroKnoxRemoval.dll
Legal Copyright	Copyright FuckYouAll© 2025 Copyright © 1907 Copyright © 2013 Copyright © 2019 Copyright © 2022 Copyright © 2023 Copyright © 2024 Copyright © 2025 Copyright © 2025 Copyright © 2025 Gus Show More Copyright © 2025 GusCEO Copyright © 2026 Copyright © DDtank World Sync 2024 Copyright © Developersteam.com 2025 Copyright © FAOU. 2025 Copyright © iSkorpion.com. 2025 Copyright © Mw soluçoes digitais me Copyright © SkyNet. 2025 Copyright © Unknown Development Inc. 2017 Zero Security © 2025-2026 Ardysa. All rights reserved. © Wallpaper Engine, Inc.
Legal Trademarks	@d3velopersteam @iSkorpionOfficial @SkyNet @TND95 AREPATOOL A12 SpiderPRO [SM]
Original Filename	AMARRENEX.exe ArdysaModsTools.dll AREPATOOL A12.exe Audio Services.exe Auth.exe Black MythWukong.exe Bypass.exe Bypass Emulator.dll Cz Ai Aimbot !!.exe DayzZona Launcher.exe Show More DDTank World.exe DevteamproA12.exe FAOU ACTIVATOR.exe H-Malware Builder V5.exe HDN Uid Bypass Loader.exe HeadShoot Storefps.exe HFZ Activator A12+ Premium.exe Horizon.exe i-RTA12.exe iBypass LPro A12+.exe IMMORTAL 1.0.exe Launcher.exe Launcher Dignot.exe Launcher MelhorOT.exe Launcher Mythera.exe Launcher Valdraken.exe loader.dll MainV.exe MicrosoftEdge_X64_121.0.2277.106_121.0.2277.98.exe MotoTool.exe OPFlashTool.exe REYD FREE.exe SAM XX 2.6.8 C#.exe Server.exe SkyNet A12+.exe SolaraBootstrapper.exe SpiderPRO A12+.exe Steal1.exe Steal3.exe TJprojMain.exe TRX PREMIUM 1.0.exe TStool.exe VG Version 3.1.exe VISON FREE.exe Wallpaper32bit.exe winPEAS.exe ZeroKnoxRemoval.dll
Product Name	A12 ArdysaModsTools AREPATOOL A12 asdas2dasd Audio Services Auth Auto Update Black MythWukong Bypass BYPASS Show More Bypass Emulator csrss DDtank World DevTeamPRO A12 Tool FANKAR REG V 1.1 FFH4X MOD DESIRE Fortnite H-Malware Builder V5 HFZ Activator A12+ Premium Horizon iBypass LPro A12+ iSkorpionA12 KZPROG Launcher loader Mafi Ai Aimbot !! Motov05 myprivatebypass OPFlashTool Project1 Sheet Rat SkyNet A12+ SpiderPRO Steam® Operating System update console loader ZeroKnoxRemoval
Product Version	2025.12.18.3 2025.11.11.3 5.4.0.0 5.0.0.0 3.8 3.1.0.0 3.0.0.0 2.7.0.3 2.7.0.0 2.4.5.0 Show More 2.3.0.0 2.1.24-beta 1.5.6.0 1.2.3.0 1.2.0.0 1.2.0 1.1.4.0 1.1.1.1 1.1.0.0 1.1.0 1.00 1.0.0.0 1.0.0 0.0.0.0

Digital Signatures

Signer	Root	Status
AO Kaspersky Lab	GlobalSign Code Signing Root R45	Hash Mismatch
Harpy Cert	Harpy Cert	Self Signed
Kaspersky Lab	Kaspersky Lab	Hash Mismatch
rodrigojeffersonk2003gmail.onmicrosoft.com	Microsoft Enterprise Identity Verification Root Certificate Authority 2020	Root Not Trusted

File Traits

.NET
2+ executable sections
Agile.net
big overlay
CreateThread
CryptUnprotectData
Fody
Goliath
HighEntropy
Installer Manifest

Installer Version
MZ (In Overlay)
NewLateBinding
No CryptProtectData
ntdll
Nullsoft Installer
RijndaelManaged
Run
SmartAssembly
VirtualQueryEx
vmp section variant
WriteProcessMemory
x64
x86
Yano
ZYXDN

Block Information

Total Blocks:	22
Potentially Malicious Blocks:	1
Whitelisted Blocks:	6
Unknown Blocks:	15

Visual Map

0 x ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\local\ddtworld\logs\checkupdate.log	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.blf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\d737a8eb3e29ecb2162fdd9b4dea427a\d737a8eb3e29ecb2162fdd9b4dea427a.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hello.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ijxds.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fhmrq.tmp\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rcxa8ed.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxa9b8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\rcxaab2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxe05b.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxf79.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\zgokr00.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zgokr00.exe	Synchronize,Write Data
c:\users\user\downloads\crash.log	Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve.log1	Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2	Read Data,Write Data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::black mythwukong	"c:\users\user\downloads\3adff7ac7a5f1dac7ab4ca35757ce5845078fe7a_0003815424"	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock2	WSAConnect WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket freeaddrinfo getaddrinfo recv send setsockopt
Network Winhttp	WinHttpOpen
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Keyboard Access	GetKeyState
Syscall Use	ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueryWnfStateNameInformation ntdll.dll!NtQueueApcThread ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResetWriteWatch ntdll.dll!NtResumeThread ntdll.dll!NtSetContextThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetSystemInformation 20 additional items are not displayed above.
Process Shell Execute	CreateProcess
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 804


							"C:\Users\Sbyssnnx\AppData\Local\Temp\is-FHMRQ.tmp\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430.tmp" /SL5="$60304,5490584,780800,c:\users\user\downloads\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Spy.MSIL

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Searchscr.com

PUP.ShieldPlus

Isafe-net.com

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen