Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.FlyStud.DB

Trojan.FlyStud.DB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 12,545
Threat Level: 80 % (High)
Infected Computers: 712
First Seen: September 19, 2022
Last Seen: June 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.FlyStud.DB
Signature status: No Signature

Known Samples

MD5: 87153a981152c11bb57ce2c126d1dade
SHA1: 5ef59625ff3b6142387fee92448a8f8cd2ba78f8
SHA256: AB61C2ED61AB9CD26C51EA1226370B306B9B619B83EF15B7EE6F723026685F6D
File Size: 1.24 MB, 1243400 bytes
MD5: 8523b63d9d4917be0931267a5b2834bf
SHA1: d71296cc7647a4b2d947bf3714e42ae5b1b36e44
SHA256: 9EBD7C3D32F6B33AE48443F42A7ED9ED447067220AF5DBF6438C6BED1CE97A9C
File Size: 1.17 MB, 1173962 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • 编译于2026/01/23
Company Name
  • Pzwboy
File Description
  • NIKKE Hosts v1.3.4.0
File Version
  • 500.0.0.0
  • 1.3.4.0
Legal Copyright
  • By Pzwboy
  • ⑨ 版权所有
Product Name
  • NIKKE Hosts
  • 易语言程序
Product Version
  • 500.0.0.0
  • 1.3.4.0

File Traits

  • 2+ executable sections
  • big overlay
  • x86

Block Information

Total Blocks: 102
Potentially Malicious Blocks: 5
Whitelisted Blocks: 91
Unknown Blocks: 6

Visual Map

0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x ? ? ? 0 ? x ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\e_n40005\commobj.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\edroptarget.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\ethread.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\iext.fnr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\iext2.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\krnln.fnr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\krnlnex.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\spec.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e_n40005\threadpool_fne.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nikkehosts\eapi.fne Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nikkehosts\internet.fne Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nikkehosts\krnln.fnr Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\e2c6cbaf0af08cf203ba74bf0d0ab6d5_7f584189dfcc61aa971930ca5aed3120 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\f2324d0f4e082f1fb1600cfc6410db8b Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\e2c6cbaf0af08cf203ba74bf0d0ab6d5_7f584189dfcc61aa971930ca5aed3120 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\f2324d0f4e082f1fb1600cfc6410db8b Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOption
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...