Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan.WinLNK.StartPage
No family descriptionExamples
E0D30E2CF8FBEBC0D492B3C65067B5F1CC402C4AAB62C293126940F8259DD8E0
013D9EC2CCDEC36F5EFF2B912628C792
0D23178A6762BF3EEF00A62E865E2D7B
02A04A882BA3EA3C04D803402B702C42
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
T1218.010
Regsvr32
Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.