Backdoor.DataStealer.E

By CagedTech in Backdoors, Stealers

Threat Scorecard

Popularity Rank:	7,390
Threat Level:	60 % (Medium)
Infected Computers:	3,417

First Seen:	October 13, 2022
Last Seen:	April 15, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Backdoor.DataStealer.E
Signature status:	No Signature

Known Samples

MD5: a1c800569add69d60ee589b3e44ba35c

SHA1: 895c6759cbab294073618731df7c0f6c380f91bb

File Size: 8.25 MB, 8250693 bytes

MD5: aa294edfce5f15337a315c8ea09eabfc

SHA1: d8a6ce6a5f1415b0970c86b3d4d0d639745c534e

File Size: 2.41 MB, 2413632 bytes

MD5: 54708b355bc60d0612b593310b822ea6

SHA1: 6983b1a7420f8ada3f53685c639c822e7e0ac972

File Size: 551.19 KB, 551194 bytes

MD5: 34d8a2b5ab42a1b57070e0b4742ca52b

SHA1: 28e59fe803725cec2530760ce9bea51ee874961b

SHA256: D3119AC26B0AC224DF14FE7C1D73325DFCC7A705F43461277A70477311FA79CD

File Size: 1.05 MB, 1047698 bytes

MD5: bed9333d992d421601cda6f6b92fc5cb

SHA1: 7ba7236f9284440fc6a7d8b7d46155a2c5c0e47d

SHA256: 8909420BA22B38ABDB6BA1FAF10AE5F79A2ADBCF97189D3003755A59BCA504BC

File Size: 6.05 MB, 6052147 bytes

MD5: 2b7a9e4f3d46dd158481362926f9ee91

SHA1: 608cf4416473fbe6488d944037022c5b153057af

SHA256: 36ECD0C930382A4BD94352F694AD7E640A6A4335B29A877CB7088908D5B83C2B

File Size: 2.94 MB, 2944719 bytes

MD5: 33429258c15d095892c5364d0310700f

SHA1: 20bb04c0996864c9f6ba4407ebc10d0f36ebf039

SHA256: FB7BAE1FB1EE19F9D767116AD610F0D2454436B8E6785E997286C24F39E8DD77

File Size: 579.30 KB, 579304 bytes

MD5: 715669c5fbbf4d4fc7a9815ee07ebce2

SHA1: ae16641df1b7535302c88adcbabe79aa2044ec25

SHA256: 0938BD32AB5694D98B202D12C57F31C82A8CD35798C9D4C092A6741875DC807E

File Size: 3.40 MB, 3402510 bytes

MD5: 7325fb9c697584892e392268fe7bbb33

SHA1: 86e2211264e566c3ecd66cde2ca3dce638dbfee4

SHA256: EE9D6B739972A70CA1C7C013AC1F491987774190223DC3F71B12964497159ADF

File Size: 6.51 MB, 6508390 bytes

MD5: 31a0799e809c1f75085d5fad001d2a00

SHA1: ce1a981b9b33fbfe5920580de53df24e8c05de15

SHA256: 057A635249D98805FE72EB579834A79AC0F326C9DE87530E35B4DC21F945DD10

File Size: 2.98 MB, 2979150 bytes

MD5: 062248230541ae9e6e647130617f2546

SHA1: 9f1204347464fe93225c27da57dcc7237464f3bb

SHA256: E50C9943E9D99A9569DFB016A3D552B7584FD1D0937FBD41550A5602A95855B9

File Size: 2.92 MB, 2920460 bytes

MD5: 1f0b2716a8ac00377355b5d43b84c190

SHA1: 1ab297d0d30f29c61d8b432fc1b5ab281c4d8cf0

SHA256: 8464E30297F14ACD578F5D4F3A74A114263E8C48E21783A777919E7F9F49710A

File Size: 2.70 MB, 2701175 bytes

MD5: cb35a8f0207cb131e44d17107cb7c35b

SHA1: bd2fce12e30b80bba17e04fd5a5f59120f6a54a4

SHA256: 76C81DE35BAF435AE7983689EFD18C4AC6E3F256D62075F91CFA30D0570F2172

File Size: 415.69 KB, 415688 bytes

MD5: 9f49e46462296ce28cca6ef13ddaf044

SHA1: 346716f37abc98ef44f0227fe5b5989cf143b002

SHA256: D6C8E97009D5CEEE1BC20502710B3258AD38220914FF189C7A77FCE13C284AC3

File Size: 2.59 MB, 2593380 bytes

MD5: 44105803320ea8d73137636cdc2d2777

SHA1: b61a2fd617521038df63bc3ae1891d47bd8de062

SHA256: 73C76BD6A6FAFD4AE37B73F498E86B9F6C8093284C2A7310CC77E532DBE1F69B

File Size: 8.44 MB, 8440478 bytes

MD5: 7f88cd1cb08e13f8ba890a01bd78a825

SHA1: 0bad6bb4cc80661ec5d94a4f0cf2d6cd710771dd

SHA256: 5B7A63ED3D979B18094EC61E508A68F817DECA80A9361B35465FF6BA855B4B77

File Size: 5.35 MB, 5354321 bytes

MD5: b69e6ac6fe2cd143cae43a1eb694c471

SHA1: 33522f46bea43faf3f92784fdf17013942749de5

SHA256: D9575A55687296C220B17BF06C70080B839FF808BD5C4761D2427E6DCCA8BB65

File Size: 2.59 MB, 2594896 bytes

MD5: 21c49a2ee818afc823cebe440228aa59

SHA1: 4a436486acfb32b608265b49b04dd71ce23bc3ce

SHA256: E929DA1BB4E74921F4F22B09EE8F531F16A4FECCDB3BD3F9BD165D3C8F95ABDF

File Size: 484.16 KB, 484159 bytes

MD5: 4434d0fc7fa96eddf45462583668b5e3

SHA1: 6f3e0cd174cb2811606ff00edb249d2346922a94

SHA256: 2D5BE9EFD84C99D4A03D9022C2AA4FF48955F8D9C92C0E4540E57DF9F4F72420

File Size: 418.60 KB, 418601 bytes

MD5: bd7e9615b4e1deadc7044aabc98d4834

SHA1: 3762c2c87ccefcdaec74b08bc73f96dba57fedbe

SHA256: BB98841B885A82972C39FB07478096B9F3E100E815776D20FD893ECA4E612F1F

File Size: 359.85 KB, 359852 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
Sogei S.p.A.	Actalis Code Signing CA G2	Self Signed

File Traits

HighEntropy
Installer Manifest
No Version Info
RAR (In Overlay)
WinZip SFX
WRARSFX
x86
ZIP (In Overlay)
ZIPinO

Files Modified

File	Attributes
c:\programdata\winteros	Synchronize,Write Attributes
c:\programdata\winteros\instaladores	Synchronize,Write Attributes
c:\programdata\winteros\instaladores\__tmp_rar_sfx_access_check_444484	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\winteros\instaladores\cursors.exe	Generic Write,Read Attributes
c:\programdata\winteros\instaladores\cursors.exe	Synchronize,Write Attributes
c:\programdata\winteros\instaladores\easy context menu.exe	Generic Write,Read Attributes
c:\programdata\winteros\instaladores\easy context menu.exe	Synchronize,Write Attributes
c:\programdata\winteros\instaladores\resources.exe	Generic Write,Read Attributes
c:\programdata\winteros\instaladores\resources.exe	Synchronize,Write Attributes
c:\programdata\winteros\instaladores\winrar-x64-701es.exe	Generic Write,Read Attributes

c:\programdata\winteros\instaladores\winrar-x64-701es.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\__tmp_rar_sfx_access_check_2145000	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\system32\exitg.vbs	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\exitg.vbs	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\gcc-win32.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\gcc-win32.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\startgc.cmd	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\startgc.cmd	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\startmupdate.cmd	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\startmupdate.cmd	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\startupdate.cmd	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\startupdate.cmd	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\updatemssm.vbs	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\updatemssm.vbs	Synchronize,Write Attributes
c:\users\user\appdata\roaming\system32\updatessm.vbs	Generic Write,Read Attributes
c:\users\user\appdata\roaming\system32\updatessm.vbs	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname	Microsoft ® Windows Based Script Host	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany	Microsoft Corporation	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx

Shell Command Execution


							(NULL) C:\Users\Csvanvgl\AppData\Roaming\system32\updatessm.vbs


							(NULL) C:\Users\Csvanvgl\AppData\Roaming\system32\updatemssm.vbs


							(NULL) C:\Users\Csvanvgl\AppData\Roaming\system32\exitg.vbs

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Backdoor.DataStealer.E

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Agent.aypy

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen