Class: Trojan-GameThief
This type of malicious program is designed to steal user account information for online games. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan-GameThief.Win32.OnLineGames
No family descriptionExamples
C17A1254C8E4C7D917E5ABA8A8A7C58D910E709F6D858A61D2CF4EAFF9360F24
8A529A14DD2AC805C739B7493EE11C06
91B4DB926826BDF6BC8403E451CCB9F8
4B63CFA314D8B39949242C9FEF7D9FE3
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1218.010
Regsvr32
Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.