HackTool:Win32/Ntillusion is the detection for a user-mode rootkit. It uses SetWindowsHookEx to inject itself into each running process on an infected computer. It then hooks the Import Address Table entries for several functions in order to redirect them to functions implemented by the rootkit.

HackTool:Win32/WpePro is a tool called Winsock Packet Editor Pro or "WPE PRO" that listens, logs, filters, and modifies Winsock packets.

The tool may be used to hack online communications and online games by mimicking traffic from the communication or game.

Windows Defender detects and removes this threat.

Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key.

We recommend you don't run hacktools because they can be associated with malware or potentially unwanted software.

We often see malware on PCs where hacktools are detected. You can read more about hacktools in Volume 13 of the Security Intelligence Report.

Microsoft Defender Antivirus detects and removes this threat.

This is the detection for malicious DLL components of malware typically used in targeted attacks. These threats employ the reflective DLL loading technique to run specific commands on a compromised system.

When loaded in memory, these DLL components \can execute their payload. 

Windows Defender detects and removes this threat.

Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key. They can also be associated with malware or potentially unwanted software.

We often see malware on PCs where hacktools are detected. You can read more about hacktools in Volume 13 of the Security Intelligence Report.

HackTool:Win32/Sqlinject.B is the detection for hacking tools that exploit software databases using SQL injection. These tools may be used to exploit vulnerable websites or steal information stored in databases.