The file identified as (often associated with strings like "李映йњÐ") is linked to a highly dangerous Remote Access Trojan (RAT) known as Moonrise , which was widely documented by security researchers in early 2026. Executive Summary
: Once executed, it can modify the Windows Registry to ensure it restarts automatically with the computer, often masquerading as a system process like svchost.exe . Risk Assessment of the ZIP Archive The file identified as (often associated with strings
: The malware enables attackers to execute remote commands, capture screens, monitor microphones/webcams, log keystrokes, and harvest credentials from browsers and clipboards. ZIP files are a preferred delivery method for
ZIP files are a preferred delivery method for attackers because they can bundle multiple malicious components that remain dormant until unzipped and executed. Why ZIP Uploads are Dangerous - Cloudmersive APIs It is frequently distributed via ZIP archives masquerading
: At the time of its initial discovery, Moonrise was largely undetected by traditional Antivirus (AV) solutions on platforms like VirusTotal because it uses unencrypted WebSocket (ws://) channels for command-and-control (C2) and lacks heavy obfuscation that might trigger signature-based alerts.
Moonrise is a sophisticated, Go-based (Golang) malware designed for of infected Windows systems. It is frequently distributed via ZIP archives masquerading as legitimate software, cracks, or driver updates. Key Technical Findings