Backdoor.MSIL.DllInject.HM

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 19,252
Threat Level: 60 % (Medium)
Infected Computers: 3
First Seen: June 4, 2024
Last Seen: January 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.MSIL.DllInject.HM
Signature status: No Signature

Known Samples

MD5: 47067b4dd67e7be296ebcdb879e39b88
SHA1: 0575c89b4d2844daeb8d092034f90b98b3f2c520
SHA256: BC35B7717B0B44C2F2112F748AF846B10BFD95CBA77E37893E37421FEDCC0E6F
File Size: 10.24 KB, 10240 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version: 1.4.0.0
File Description: FsFlight
File Version: 1.4.0.0
Internal Name: FsFlight.exe
Legal Copyright: © CIVL 2019
Original Filename: FsFlight.exe
Product Name: FsFlight
Product Version: 1.4.0.0

File Traits

  • .NET
  • x86

Block Information

Total Blocks: 37
Potentially Malicious Blocks: 2
Whitelisted Blocks: 35
Unknown Blocks: 0

Visual Map

x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Agent.FTDA
  • MSIL.DllInject.EBE
  • MSIL.DllInject.HM
  • MSIL.DllInject.XC
  • MSIL.Krypt.GDDI
  • MSIL.TelegramBot.H

Files Modified

File                                         Attributes
\device\namedpipe\gmdasllogger               Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve    Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve    Write Attributes

Registry Modifications

Key::Value: HKLM\system\software\microsoft\tip\aggregateresults::data
Data: (binary data; not rendered as text)
API Name: RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 840
