An infostealer that uses process hollowing to evade detection and maintain persistence on your system.
Analysis of similar "DHL.zip" or related archive attachments has identified several serious threats:
The malware often includes "anti-analysis" features to detect if it is being run in a sandbox or virtual machine, allowing it to hide from some basic antivirus checks. Typical Scam Characteristics
These files often contain executables masquerading as shipping documents (e.g., DhL-FINAL SHIPING DOCUMENTS.exe ). Common payloads include:
The file "DHL.zip" is a frequently used in global phishing campaigns to distribute high-risk malware. If you have received this file in an unsolicited email, do not open or extract it. Malware Profile