Trojan.Stealer.HL

By CagedTech in Stealers, Trojans

Threat Scorecard

Popularity Rank:	2,811
Threat Level:	80 % (High)
Infected Computers:	424

First Seen:	September 21, 2021
Last Seen:	April 22, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Stealer.HL
Signature status:	No Signature

Known Samples

MD5: d71c65219d6f1aaae0a9f4882d327d1a

SHA1: 35f7eee35313946e314f59284486f5412f14cc77

SHA256: 906C6CF053FC2630E454804DD4D09F63B61B1C7A529667CFF4ED48CB4620F5A6

File Size: 2.18 MB, 2179072 bytes

MD5: 20bef72cccf1622106413b847bae5811

SHA1: aa0f5283de19b99a9d359a9e6a2508f15dae614c

SHA256: 22536D962B22EA593743870ADE9F92DBAAC722D183D423313DAFA6E1926635A5

File Size: 1.26 MB, 1261568 bytes

MD5: 9b91f024d23817cd01e4bcc2168efd29

SHA1: 83a60799c6594494df900b183655d8220982cf72

SHA256: 8B82D2FF0A065FCF866A4E602DE74D46084DACCD6AB11B5A1969D235A6467794

File Size: 979.40 KB, 979402 bytes

MD5: bfa7a6dc1df979e735d83101c52af8c0

SHA1: 296e0084a820f95c2382ecd667ba7d1e09b2c395

SHA256: 27011AD5E2D27E5A6DD7E18725874725DFFDEF3AE9EED9E6AB9B515A60A6F06B

File Size: 978.43 KB, 978432 bytes

MD5: 21bb002a8a359e2a6392e3d8f3b8dd14

SHA1: c2153c2fef4edc56666a10a03899c84f9d9e1db9

SHA256: 1A0CF7CE06A6C626859AB6DAA3D153AF2B470FA990BD3916F49D5BF3B554AEEF

File Size: 1.98 MB, 1975850 bytes

MD5: bca422ba7bb40432ae043b1a506af613

SHA1: 54138048b9a16138b2c976827e00fcf39e4a0505

SHA256: 246087931D798AAB7C6078E81A190DC97647C45F3C6D6A26D19840B8B74E460B

File Size: 1.18 MB, 1180213 bytes

MD5: 64b3d494c2021e64d3c5aef69aaae49e

SHA1: d3899ee46b3cbc0544df1d4d190ae554cf1b674f

SHA256: D884DC9FEA0CAF2118D75709C4DD13BFD321470891E1B4D136CE210937419670

File Size: 8.13 MB, 8129593 bytes

MD5: b3ca3f5e3ea629f055f560a2a65d8b71

SHA1: 3b4938abb1c8e877592971505211d48fc7bd14c6

SHA256: 350043D7FA2B2A903587A98232DD847D5E1B5C6A3AC8A0FCE52BA18878058E75

File Size: 2.47 MB, 2465490 bytes

MD5: 9ad60f273e44e9ad692eaaaa79fab016

SHA1: eb1452a0a670d24b0564317610f62982d79d3d98

SHA256: 400E6C981F78C0922F2685948B5CB5723A1ABD15F5C05795FD1C08C4CD81746B

File Size: 9.31 MB, 9309736 bytes

MD5: 5c3188508b6aa1bc977f62984ea0ca99

SHA1: e9d33ba7fa20969335615d60bac422ca76869ab5

SHA256: CF13AA0B0C939B3513B338B79B383ABCEB37872AEAB4CDC27E84C96B7AF81B0E

File Size: 8.92 MB, 8919395 bytes

MD5: 807643f1642139d2c217b720495748d0

SHA1: fd865f4d3bd868e0c571788b43bb1df805d3d767

SHA256: 8A18B990E70B1394AD774382DCEAF33C4D66C96BBB54945D5252A73501E24386

File Size: 1.44 MB, 1435136 bytes

MD5: aaedace748774017b6c86ca06e8b3e71

SHA1: 56a412c14e9ff664791616b6063364da186827d0

SHA256: B908C3CDB31332B2F5B7A222A78EFE406E17E14D623717237795CEDD5E70634A

File Size: 7.99 MB, 7991075 bytes

MD5: e0293e90704ce09ec7880ee3843756a8

SHA1: e05af617a7a300043e350de373193a12658ee814

SHA256: DABF600470244B94B0EDC602100325D1999C2FEE75EE8C37A0916FDD043C9428

File Size: 1.44 MB, 1435136 bytes

MD5: 082a0e06a23f471342d4037b58848b5b

SHA1: 5fb8283520c9be1555e43c79cd79f9d4c3593d38

SHA256: 212C71A5ED26CA6798B2C97018B5722036ED998BBDA5803EA97D7C88DCF62EAC

File Size: 1.44 MB, 1435136 bytes

MD5: 0ea3f8eccd5e51892a94937dbdc046f9

SHA1: 4049abc2845bfc130dc50cf20f5cb0847b771189

SHA256: DFE44094158725DB2398E4FD4E15EE4AD93BDC33F76D830808DC299B3F8201E2

File Size: 1.78 MB, 1775616 bytes

MD5: daa40c422b9f7eb9db2cdc886a4bd382

SHA1: 5179dfe87f825994e2abc4902f34af4fd14b6471

SHA256: 6FA537881173229214D1AB78EE034F14BC97EBF3276D269C759B82BA0C46DE37

File Size: 1.44 MB, 1435136 bytes

MD5: c9395355c29095628188a795b1208e14

SHA1: b058d35bb7ed9f25e09b368f7ba4d45b38cd2aaa

SHA256: 64BE032653B298F6E3257EFBDD6439202F291AAFE1414E6A1DC6B0A5ECB8B8E2

File Size: 1.89 MB, 1894837 bytes

MD5: 7780911a2aa59b604e6a750ff1f80fb0

SHA1: a439878fa453709e7dbf65b1d00239f84ef928e9

SHA256: 391F2F1B6373D9C0DAF2F3E0E0B26673575E85E851C61B32A559C3C8A3EB7696

File Size: 1.44 MB, 1435136 bytes

MD5: 4a7bd2fe14b0ac4c0b96410cdf20e2b6

SHA1: f88f1ff9725396a5bb8d36ae1db9a78374978975

SHA256: AB810A838A3977C7F113EB82A8F76490A6045DA16E7E0B47526DD145B5E20A77

File Size: 993.28 KB, 993280 bytes

MD5: be32b198a1c2df24a8683dcd3dd6f2c9

SHA1: c594bcd2dccc141e4f5e5015a64369048a5d4da7

SHA256: 7B8DA408918E30D2F2C1EB593135EC4D71C420457B9A00353B3BD7EA2E6A56E7

File Size: 1.45 MB, 1454592 bytes

MD5: 14ce764ef3aa813520b9912defca5826

SHA1: 1996e7376b97234164245333ba27e2b4ce7d64c1

SHA256: D96E958E7324B70DFDCC02274C89A4B61607BFEB032F2AB9032A210A1E6E8EA4

File Size: 960.00 KB, 960000 bytes

MD5: e36f191b06f7b47acb6c87a97c21d7bb

SHA1: a3a804c5bce7945bc3496c847d561bf7fab2033c

SHA256: B88845DECB4E372BAE7000CFDEB2EC17409B5F209DFAC78AFD5F79AF41C4AE7E

File Size: 1.44 MB, 1435136 bytes

MD5: 310e2caf69be3378a6f8b760810a6184

SHA1: 1e6052d4e48e895f5adc48902ffd1ea22a89b209

SHA256: CD02D1163DC198A386076BE813BF87A826B0C3D574EDBBFDCBBF99D1ACA83C12

File Size: 4.06 MB, 4063815 bytes

MD5: cc65942ca75d1af7143cf6f635fe5796

SHA1: 0fde4c0e53399e6cfffafa3a37784fcc2068dba5

SHA256: 98C0EE5C96B5A55EA4CD4A4D9ECB4C00E3DB0BA2C458806CFEEDE99EB56E4BB1

File Size: 2.24 MB, 2241665 bytes

MD5: 52e2cf6ff27a693fa3689e888ba11c89

SHA1: 90235429af3852544857b1dd3b3ce734f64e7fa8

SHA256: 7767F46D3370567F269C41DFCCB75D2E15BC5C63B80DECC65A10AF1D323CC29B

File Size: 1.46 MB, 1458176 bytes

MD5: ffd99f324b3a36498f48173f3bbeb2e8

SHA1: da682e3755fe02bf1f819a23f95ea5a7344abd64

SHA256: 20F2A300FB25A0101D76286AB0986090000D15FB7AD7970AE76BE85AA0B2B9E9

File Size: 1.44 MB, 1435136 bytes

MD5: bf87af35ba0f3b4d4141e451e6832b9f

SHA1: af8ca2dd8b532fd6aeb53a3cb828e2ed3e484989

SHA256: 94886A5549C0DFE73C3DDDBDE860100794D482A9F4888DEB67FD29714882A99A

File Size: 3.91 MB, 3913548 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Created with InstallForge 1.4.3 Created with InstallForge 1.4.4
Company Name	Bitcoin Core Draminski S.A. Jai Maa Kali Konplast MATURADOR Ninja Sage Team AntiLag UEVR Team UNISOC
File Version	OpenSkyPlus 1.0.1 28 05 4.19.38.134 2.6.2.0 2.1.0 1.3.1 1.2 1.07 1.00 Show More 1.0.0.47
Internal Name	bitcoin-update-win64- DramPHSetup kplwebdocssigner_installation MATURADOR - 1.2 Ninja_Sage_Launcher_Installer OK PARAM OpenSkyPlus 1.0.1 Installer TEAM Fix 2.1.0 Installer TJprojMain UEVREasyInjector Show More UNISOC_Drivers
Original Filename	bitcoin-update-win64-.exe DramPHSetup.exe kplwebdocssigner_installation.exe MATURADOR - 1.2.exe Ninja_Sage_Launcher_Installer.exe OK PARAM.exe OpenSkyPlus 1.0.1 Installer.exe TEAM Fix 2.1.0 Installer.exe TJprojMain.exe UEVREasyInjector.exe Show More UNISOC_Drivers.exe
Product Name	Bitcoin Core Setup Dram PH Data Setup KplWebdocssigner Setup License Param April - May 2025 Setup MATURADOR Setup Ninja Sage Launcher Setup Project1 Setup Spreadtrum Driver Setup TEAM Fix Setup Show More Unreal VR Easy Injector Setup
Product Version	OpenSkyPlus 1.0.1 28 05 4.19.38.134 2.6.2.0 2.1.0 1.3.1 1.2 1.07 1.00 Show More 1.0.0.47

File Traits

2+ executable sections
7-zip (In Overlay)
HighEntropy
Installer Version
No Version Info
SusSec
x86

Block Information

Similar Families

Stealer.HL

Files Modified

File	Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ǜ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	䡴⬋	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ᩣ	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Stealer.HL

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Kryptik.JUD

Trojan.Agent.MBD

PUP.Baidu.A

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen