Backdoor.MSIL.Spy.Agent.VCA

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 11,771
Threat Level: 60 % (Medium)
Infected Computers: 43
First Seen: July 18, 2024
Last Seen: April 18, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.MSIL.Spy.Agent.VCA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • .NET
  • No Version Info
  • x86

Block Information

Total Blocks: 249
Potentially Malicious Blocks: 22
Whitelisted Blocks: 227
Unknown Blocks: 0

Similar Families

  • MSIL.Spy.Agent.TCN
  • MSIL.Spy.Agent.TCP
  • MSIL.Spy.Agent.TCV
  • MSIL.Spy.Agent.VCA

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
