Mail Access Checker G-klit.rar -

Detailed sandboxing on ANY.RUN indicates the following behaviors:

The tool is built using Python and packaged as a Windows executable via PyInstaller . This is a common technique used by malware authors to hide malicious scripts within a legitimate-looking container. Indicators of Compromise (IOCs): MD5: 02EADD468D5B5A606F3A73770AE73A41

Mail Access Checker by G-KLIT.exe (contained within the .rar archive). Verdict: Malicious Activity Detected . MAIL ACCESS Checker G-Klit.rar

39063D85E04B6DA2A504FED78BF9B8ADA68EAE7CDD1945D9D2AD1D576F149B31 Functional Analysis

The file is a high-risk package containing a known malicious executable . While advertised as a "checker" tool—likely for verifying the validity of email credentials or session cookies—forensic analysis identifies it as a sophisticated data-stealing Trojan. Core Identity & Malware Classification Detailed sandboxing on ANY

The program presents itself as a tool for checking mail access (often used by "gray hat" or malicious actors for credential stuffing).

Like many modern Trojans, it may attempt to establish a foothold on the host system to remain active after reboots. Risk Summary Verdict: Malicious Activity Detected

Upon execution, the PyInstaller-packed script likely targets sensitive local data, including: Saved browser credentials and cookies. System metadata for remote tracking. Potential keylogging or clipboard hijacking.