Most variants use heavy packing (like UPX or custom crypters) to hide their true code from signature-based antivirus scanners.
Potentially Unwanted Application (PUA) / Trojan / Infostealer spoofer v0.2.exe
It has been observed attempting to inject code into explorer.exe or svchost.exe to mask its activity.
Malicious Capabilities
The executable often attempts to modify HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB to alter hardware identifiers.
Analysis shows some versions include modules designed to scrape browser cookies and saved passwords (targeting Chrome, Edge, and Discord tokens).
Certain "v0.2" builds have been linked to Remote Access Trojans (RATs), allowing an attacker to execute commands or view the user's screen.
Detection Statistics
Microsoft Defender: Trojan:Win32/Occamy.C
Kaspersky: HEUR:Trojan.Win32.Generic
Bitdefender: Gen:Variant.Lazy.152843
Malwarebytes: Malware.AI.4285102000
Risk Assessment
It may create a scheduled task or add itself to the Startup folder to ensure it runs upon every boot.
Security Evasion