Backdoor.MSIL.Agent.SKT
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.MSIL.Agent.SKT |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
44a4ead8dfad46202e82c28078b6a398
SHA1:
eae179b72763ca3ee29711133e375c6e47a1e4cc
SHA256:
F3C27D81A3E36075F1B1A2CDCCB62665774FAE87FC24AFEBC2F55274B09E0964
File Size:
15.87 KB, 15872 bytes
|
|
MD5:
13cc2a8ea2ac3f761e79e7f52dc0ca62
SHA1:
70c918a8f9db3459a74cf15d615f3798457ecab1
SHA256:
992859BAE0FE0560B3A8461293E29F679A478B18607524F76C7A25BC83979B70
File Size:
14.34 KB, 14336 bytes
|
|
MD5:
2d6658c0fe2600681bbd29bfc31db595
SHA1:
d7030b0943de696b5cf7c50d4abe4638e2e2dbcf
SHA256:
FDDEF82D1783C20EE1809FFC8161FF1E122EED1E253DF3A2770236308016E1E7
File Size:
14.85 KB, 14848 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| Comments |
|
| Company Name |
|
| File Description |
|
| File Version | 1.0.0.0 |
| Internal Name |
|
| Legal Copyright | Copyright © 2025 |
| Original Filename |
|
| Product Name |
|
| Product Version | 1.0.0.0 |
File Traits
- .NET
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 27 |
|---|---|
| Potentially Malicious Blocks: | 6 |
| Whitelisted Blocks: | 19 |
| Unknown Blocks: | 2 |
Visual Map
0
0
?
x
x
0
x
0
0
0
x
0
0
?
0
0
0
0
0
x
0
0
0
0
x
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
