Backdoor.MSIL.Quasar.CB
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 8,214 |
|---|---|
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 302 |
| First Seen: | January 10, 2024 |
| Last Seen: | February 4, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Backdoor.MSIL.Quasar.CB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | |
| Company Name | Manthe Industries, LLC |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | Manthe Industries, LLC |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- Run
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 14,560 |
|---|---|
| Potentially Malicious Blocks: | 308 |
| Whitelisted Blocks: | 14,252 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Mardom.SF
- MSIL.Quasar.B
- MSIL.Quasar.CA
- MSIL.Quasar.CB
- MSIL.Spy.RC
- MSIL.Spy.RCB
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Other Suspicious | |
| Anti Debug | |
| Encryption Used | |