Detailed sandboxing on ANY.RUN indicates the following behaviors:
The tool is built using Python and packaged as a Windows executable via PyInstaller . This is a common technique used by malware authors to hide malicious scripts within a legitimate-looking container. Indicators of Compromise (IOCs): MD5: 02EADD468D5B5A606F3A73770AE73A41 MAIL ACCESS Checker G-Klit.rar
Upon execution, the PyInstaller-packed script likely targets sensitive local data, including: Saved browser credentials and cookies. System metadata for remote tracking. Potential keylogging or clipboard hijacking. Detailed sandboxing on ANY
39063D85E04B6DA2A504FED78BF9B8ADA68EAE7CDD1945D9D2AD1D576F149B31 Functional Analysis System metadata for remote tracking
Mail Access Checker by G-KLIT.exe (contained within the .rar archive). Verdict: Malicious Activity Detected .
The file is a high-risk package containing a known malicious executable . While advertised as a "checker" tool—likely for verifying the validity of email credentials or session cookies—forensic analysis identifies it as a sophisticated data-stealing Trojan. Core Identity & Malware Classification
The program presents itself as a tool for checking mail access (often used by "gray hat" or malicious actors for credential stuffing).