It has been observed attempting to inject code into explorer.exe or svchost.exe to mask its activity. Malicious Capabilities
Certain "v0.2" builds have been linked to Remote Access Trojans (RATs), allowing an attacker to execute commands or view the user's screen. Detection Statistics Microsoft Defender Trojan:Win32/Occamy.C Kaspersky HEUR:Trojan.Win32.Generic Bitdefender Gen:Variant.Lazy.152843 Malwarebytes Malware.AI.4285102000 Risk Assessment
It may create a scheduled task or add itself to the Startup folder to ensure it runs upon every boot. Security Evasion spoofer v0.2.exe
Do not execute. If already run, disconnect the machine from the internet and perform a full offline scan.
This file is commonly distributed via "free cheat" Discord servers or YouTube descriptions, which are unverified and high-risk sources. If you have already run this file, It has been observed attempting to inject code into explorer
Analysis shows some versions include modules designed to scrape browser cookies and saved passwords (targeting Chrome, Edge, and Discord tokens).
The executable often attempts to modify HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB to alter hardware identifiers. Security Evasion Do not execute
Registry modification, credential harvesting, and disabling of security software. Technical Analysis Summary System Modifications