Hacktool.MSIL.HackAgent.LG
Analysis Report
General information
| Family Name: | Hacktool.MSIL.HackAgent.LG |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| File Description | XVM.Runtime |
| File Version | 1.0.0.0 |
| Internal Name | XVM.Runtime.dll |
| Legal Copyright | Copyright © 2024 |
| Original Filename | XVM.Runtime.dll |
| Product Name | XVM.Runtime |
| Product Version | 1.0.0.0 |
File Traits
- .NET
- dll
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 347 |
|---|---|
| Potentially Malicious Blocks: | 106 |
| Whitelisted Blocks: | 90 |
| Unknown Blocks: | 151 |
Visual Map
Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.HackAgent.CC
- MSIL.HackAgent.LG
- MSIL.HackAgent.LK
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |