Categories: Crack

Application.Hacktool.YL (file analysis)

The Application.Hacktool.YL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Application.Hacktool.YL virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Anomalous binary characteristics

How to determine Application.Hacktool.YL?


File Info:
name: 1F23932652110260099C.mlwpath: /opt/CAPEv2/storage/binaries/985476e5a5b3ac39ae74849a5df6705e922c7404b700e6b52802220d420ee389crc32: 781C02CFmd5: 1f23932652110260099ced8a04bc9c3csha1: cbce721661aa8d664b2b533116f4d2c74b8b7b27sha256: 985476e5a5b3ac39ae74849a5df6705e922c7404b700e6b52802220d420ee389sha512: 4146565a3831cfa46ffca5ed326f32bb3914c69b0d00e8a5c08f4278db33e44a1eb9b3166bca2d36a71bcc012d70b0f42be006770e56b0f71b5a93341625ef2fssdeep: 6144:9DKW1Lgbdl0TBBvjc/lUqffOV2qSFu6nxf/68n3pVfJ3d9SVU/rZAH:1h1Lk70TnvjcjnC2FU6xxnz9SVU/tAHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16A74DF2171C0C172C4B6113045E6CB7A4A7A7C21177A92D7BAD97FBB7E312D0A7362CAsha3_384: 98842112af52e9fe4d38bcb23742f94bd213cc37c71351ff23b06a63d1b3f5ba4523d3f78c9f8b58facd3618c9067239ep_bytes: e8e15c0000e9a4feffff8bff558bec83timestamp: 2012-07-13 22:47:16
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: TerteusLoaderFileVersion: 1.0.0.0InternalName: TerteusLoader.exeLegalCopyright: Copyright ©  2017LegalTrademarks: OriginalFilename: TerteusLoader.exeProductName: TerteusLoaderProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Application.Hacktool.YL also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Application.Hacktool.YL
FireEye	Generic.mg.1f23932652110260
McAfee	RDN/Generic Dropper
Cylance	Unsafe
Zillya	Dropper.Injector.Win32.84576
Sangfor	Riskware.Win32.Agent.ky
CrowdStrike	win/malicious_confidence_60% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/DllInject.AQG potentially unsafe
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
BitDefender	Application.Hacktool.YL
NANO-Antivirus	Trojan.Win32.Drop.eyzeyg
SUPERAntiSpyware	Trojan.Agent/Gen-Injector
Tencent	Win32.Trojan-dropper.Injector.Dzkd
Ad-Aware	Application.Hacktool.YL
Emsisoft	Application.Hacktool.YL (B)
Comodo	Malware@#2mted7slhro3w
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Sophos	Generic PUA ML (PUA)
Ikarus	Trojan.MSIL.Crypt
GData	Win32.Trojan.Sabsik.B
Webroot	W32.Injector.tytg
Arcabit	Application.Hacktool.YL
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Occamy.B
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34212.vq0@amCr@Bm
ALYac	Application.Hacktool.YL
VBA32	TrojanDropper.Injector
Malwarebytes	Trojan.Injector
Rising	Dropper.Injector!8.DC (CLOUD)
Yandex	Trojan.DR.Injector!+HD3rdmFR6U
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.TYTG!tr
Cybereason	malicious.652110
Panda	Trj/CI.A