Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Nov 21, 2023 | Updated Nov 28, 2023


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Trojan:Win32/LambLoad.C!dha is the detection for a weaponized downloader and loader that consists of malicious code added to a legitimate CyberLink application. The LambLoad downloader uses the same icons as legitimate CyberLink downloaders.

LambLoad is known to have been used by the threat group Microsoft tracks as Diamond Sleet.

For information about Trojan:Win32/LambLoad.C!dha, read the blog post: Diamond Sleet supply chain compromise distributes a modified CyberLink installer.

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Devices infected by this trojan might be severely compromised and require complete restoration. Consider restoring your device. When restoring data, ensure that it is a clean, uninfected copy.

Follow us