Trojan.Banker.YJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,089
Threat Level: 80 % (High)
Infected Computers: 421
First Seen: August 3, 2023
Last Seen: January 30, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Banker.YJ
Signature status: No Signature

Known Samples

Sample 1
MD5: 2733ac8d1dbf454aec04917bf1179ee0
SHA1: 0fd62ee9c3bbeab9b62db33226930ed950677a1d
SHA256: DB6744026BD5AABC0DAA7A0737FCC1E0D72D20589FDF372137E1D52BBBDD7689
File Size: 1.92 MB, 1921536 bytes

Sample 2
MD5: 2eb5f779a5b3e7f36b7021c95a515972
SHA1: 541c148cce0871c8cfd70a345cbf26d20fcbca03
SHA256: BB72E6DF939B0A8FB99040147C2054853200E465E9787E11729F7A86005078B2
File Size: 1.78 MB, 1779200 bytes

Sample 3
MD5: 49f7e990afd4ca1a4acf87d68a5c4856
SHA1: 4ce6d48536dbe88ae5e2aadc2b3cb52f4dfb2475
SHA256: 71250DFBE0F539F6FB32C926069316C89B27B36B3ABBCC00FE4FCDF28A132C95
File Size: 2.13 MB, 2130944 bytes

Sample 4
MD5: f5ff2b0696403916abdf778defa0f543
SHA1: fda265be01430bb10edaa7e7ab5b9a98f7102f00
SHA256: 7B49948B680CCB0BED39091EB8EEC42460BCB8828F15B10CFC4AE34561A2D2B7
File Size: 7.46 MB, 7459135 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name | Value
Assembly Version
  • 2.3.3.0
  • 1.4.0.0
Comments
  • Identifies hidden data in files
Company Name
  • Cameyo (cameyo.com)
  • Daossoft
  • Digital Confidence
  • www.mipony.net
File Description
  • Hidden Data Detector
  • Loader
  • Mipony
  • Windows Password Rescuer
File Version
  • 6.0.0.1
  • 3, 0, 1407, 0
  • 3, 0, 1398, 0
  • 3, 0, 1390, 0
  • 2.3.3.0
  • 1.4.0.0
Internal Name
  • HiddenDataDetector.exe
  • Loader
  • MiPony.exe
  • WindowsPasswordRescuer.exe
Legal Copyright
  • (c) Cameyo. All rights reserved.
  • Copyright (C) 2006-2014 Daossoft. All rights reserved.
  • Copyright © Digital Confidence 2016
Original Filename
  • HiddenDataDetector.exe
  • Loader.exe
  • MiPony.exe
  • WindowsPasswordRescuer.exe
Product Name
  • Cameyo Application Virtualization
  • Hidden Data Detector
  • Mipony
  • Windows Password Rescuer
Product Version
  • 6.0.0.1
  • 3, 0, 1407, 0
  • 3, 0, 1398, 0
  • 3, 0, 1390, 0
  • 2.3.3.0
  • 1.4.0.0

The version resource is freely editable text, so the four product identities above (a Cameyo-packaged Hidden Data Detector, Mipony, Windows Password Rescuer and a bare "Loader") establish what the samples claim to be, not where they came from. The PE attributes above record no security directory, so there is no embedded Authenticode signature against which those claims could be checked.

File Traits

  • 2+ executable sections
  • big overlay
  • BINinO
  • HighEntropy
  • MZ (In Overlay)
  • VirtualQueryEx
  • WriteProcessMemory
  • x86
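The PE attributes and file traits above can be reproduced from the raw headers without a sandbox. The block below is an added example, not tooling from the threat database or from the authors of the listed samples: it parses the DOS, COFF, optional and section headers with the standard library and reports the same fields (bitness, subsystem, DLL/executable flags, Rich header, export/relocation/certificate/CLR directories, count of executable sections, and the overlay past the last section, which is what "big overlay", "MZ (In Overlay)" and "HighEntropy" refer to). The PE it inspects is constructed in memory by build_sample_pe() with those traits; it is not one of the hashed samples.

```python
"""Static PE attribute check that reproduces the "Windows Portable Executable
Attributes" and "File Traits" fields from the raw headers, stdlib only.
Added example, not the threat database's own tooling; the PE it inspects is
built in memory by build_sample_pe() and is none of the hashes listed above."""
import math
import struct
from collections import Counter

IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DLL = 0x0002, 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_CLR = 0, 4, 5, 14


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for random data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def inspect_pe(data: bytes) -> dict:
    """Derive the report's attributes from the DOS, COFF, optional and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B     # 0x20B would be PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs_off = opt + (92 if is_pe32 else 108)                    # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dir_sizes = [struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i)[1] for i in range(ndirs)]
    has_dir = lambda i: i < ndirs and dir_sizes[i] != 0
    exec_sections, data_end = 0, 0
    for i in range(nsec):                      # section table follows the optional header
        hdr = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        exec_sections += bool(hdr[9] & IMAGE_SCN_MEM_EXECUTE)
        data_end = max(data_end, hdr[4] + hdr[3])       # PointerToRawData + SizeOfRawData
    overlay = data[data_end:]                  # everything past the last section's raw data
    return {
        "is_32bit": is_pe32 and machine == 0x14C,
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM.get(subsystem, hex(subsystem)),
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],   # Rich block sits between DOS stub and PE\0\0
        "has_exports": has_dir(DIR_EXPORT),
        "has_relocations": has_dir(DIR_BASERELOC),
        "has_security_info": has_dir(DIR_SECURITY),     # Authenticode certificate table
        "is_dotnet": has_dir(DIR_CLR),
        "executable_sections": exec_sections,
        "overlay_bytes": len(overlay),
        "mz_in_overlay": b"MZ" in overlay,
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 GUI image: two executable sections, no Rich header, no
    export/reloc/certificate directories, and a 4 KiB high-entropy overlay that
    embeds a second "MZ" stub, i.e. the traits the report lists."""
    e_lfanew, nsec, opt_size = 0x80, 2, 224
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size,
                       IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100)      # 0x0100 = IMAGE_FILE_32BIT_MACHINE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<H", opt, 68, 2)         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)        # 16 data directories, all left empty
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF   # FileAlignment 0x200
    sections = b""
    for i, name in enumerate((b".text", b".itext")):
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x200, 0x1000 * (i + 1),
                                0x200, raw_ptr + 0x200 * i, 0, 0, 0, 0,
                                IMAGE_SCN_MEM_EXECUTE | 0x40000000 | 0x20)
    image = (dos + b"PE\0\0" + coff + bytes(opt) + sections).ljust(raw_ptr + 0x200 * nsec, b"\0")
    seed, overlay = 0x9E3779B1, bytearray()    # LCG noise stands in for a packed payload
    for _ in range(4096):
        seed = (seed * 1103515245 + 12345) & 0xFFFFFFFF
        overlay.append(seed >> 24)
    overlay[1024:1026] = b"MZ"
    return image + bytes(overlay)


if __name__ == "__main__":
    for key, value in inspect_pe(build_sample_pe()).items():
        print(f"{key:22} {value}")
```

On a real sample, pass the file's bytes to inspect_pe(). The overlay check is deliberately naive: the Authenticode certificate table, when present, also lives past the last section, so a signed file will show a small overlay; a multi-megabyte overlay with a second MZ header and near-8.0 entropy is the profile the traits above describe.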

Block Information

Total Blocks: 4,087
Potentially Malicious Blocks: 1,075
Whitelisted Blocks: 2,987
Unknown Blocks: 25

Visual Map

[Block map omitted: the page renders all 4,087 analysed blocks as one long row of 0 / ? / x symbols, truncated on the page; the per-class counts are given under Block Information above.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Banker.YJ
  • Banker.YJA

Files Modified

File | Access rights requested
\device\namedpipe\mydbg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df15543afd579f756a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\appvirtdll64_hidden data detector.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\appvirtdll64_hidden data detector.dll Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\appvirtdll_hidden data detector.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\appvirtdll_hidden data detector.dll Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiad23.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiad23.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiada1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiada1.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiade0.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiade0.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiae20.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\%windows%\rgiae20.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\c:\users\user\appdata\local\temp\tmp4352$.tmp Generic Write,Read Attributes,Delete
c:\users\user\appdata\roaming\vos\hidden data detector\changes\cryptcheck.dat Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\runninginfo.ini Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtfiles.db Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtfiles.db Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtfiles.db Synchronize,Write Data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtfiles.db.7136.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.base.dat Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.dat Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.dat Read Data,Read Control,Write Data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.dat.log1 Read Data,Write Data
c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.dat.log2 Read Data,Write Data
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\appvirtdll64_hidden data detector.dll.20160111-194003.371.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\appvirtdll_hidden data detector.dll.20160111-194003.371.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\diskmodedeploy.marker Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\hidden data detector.exe.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\hidden data detector64.exe.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\sandboxcfg.db.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\virtfiles.prog.db.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\virtreg.prog.dat.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\zipcache.20160111-194003.387.stamp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\hidden data detector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\hidden data detector.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\hidden data detector64.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\hidden data detector64.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\downloads.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\downloads.lnk Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\hidden data detector.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\hidden data detector.lnk Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\uploads.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%desktop%\uploads.lnk Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%program files (x86)%\digital confidence\hiddendatadetector\hiddendatadetector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%program files (x86)%\digital confidence\hiddendatadetector\hiddendatadetector.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%programs%\digital confidence\hidden data detector.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\%programs%\digital confidence\hidden data detector.lnk Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\c_\installed modules\hidden data detector.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\prog\c_\installed modules\hidden data detector.lnk Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\prog\icons\hiddendatadetector.exe.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\sandboxcfg.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\sandboxcfg.db Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\sandboxcfg.db Synchronize,Write Data
c:\users\user\appdata\roaming\vos\hidden data detector\sandboxcfg.db.7136.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\virtapp.ini Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\virtfiles.prog.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\virtfiles.prog.db Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\virtreg.prog.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\vos\hidden data detector\virtreg.prog.dat Generic Write,Read Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\virtreg.prog.dat Synchronize,Write Attributes
c:\users\user\appdata\roaming\vos\hidden data detector\zipcache Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\vos\hidden data detector::basedirname C:\Users\Hdqrmjdl\AppData\Roaming\VOS\Hidden Data Detector RegNtPreCreateKey
HKCU\software\vos\hidden data detector::carrierexename c:\users\user\downloads\fda265be01430bb10edaa7e7ab5b9a98f7102f00_0007459135 RegNtPreCreateKey
HKCU\software\vos\hidden data detector::dataintegrity X%Program Files (x86)%\Digital Confidence\HiddenDataDetector> RegNtPreCreateKey
HKCU\software\vos\hidden data detector::dataintegrity X%Program Files (x86)%\Digital Confidence\HiddenDataDetector>X%Program Files (x86)%\Digital Confidence\HiddenDataDetector\Hidden RegNtPreCreateKey
HKCU\software\vos\hidden data detector\registry\%currentuser%\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\vos\hidden data detector\registry\%currentuser%\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\vos\hidden data detector\registry\%currentuser%\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\vos\hidden data detector\registry\%currentuser%\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

The carrierexename value is the file the sandbox actually launched: its name is the SHA1 (fda265be01430bb10edaa7e7ab5b9a98f7102f00) and zero-padded size (7459135 bytes) of the fourth sample above, so the file and registry activity recorded in this report comes from that 7.46 MB Cameyo-packaged Hidden Data Detector build. The zonemap values are recorded under the engine's per-app registry mirror (HKCU\software\vos\hidden data detector\registry\...) rather than at the real HKCU Internet Settings path, which is how the Cameyo engine captures the virtualized program's own registry writes.

Windows API Usage

Category | API
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserName
Network Wininet
  • HttpQueryInfo
  • InternetOpen
  • InternetOpenUrl
Process Manipulation Evasion
  • NtUnmapViewOfSection
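The file, registry and API records above translate directly into hunt logic. The block below is an added example, not the threat database's own tooling: it scans a trace of file, registry and API events for the Cameyo VOS engine deployment directory and its engine files, the HKCU\Software\VOS key, the mydbg named pipe, and the full VirtualQueryEx / WriteProcessMemory / NtUnmapViewOfSection / SetWindowsHookEx cluster, and cross-checks the carrierexename value against the SHA1 and size of the listed samples. The trace format (one `<kind> <target>` event per line, registry values written as key::name=data) and the events themselves are constructed from the report's own paths; they are not a real capture.

```python
"""Host-artifact hunt for what this report records: the Cameyo "VOS"
app-virtualization engine unpacking under %APPDATA%\\VOS\\<app>\\, its
HKCU\\Software\\VOS\\<app> key (carrierexename names the file actually
launched), the \\device\\namedpipe\\mydbg pipe, and the process-manipulation
API cluster.  Added example, not the threat database's own tooling; the trace
below is constructed from the report's paths and is not a real capture."""
import re
from collections import defaultdict

# Known samples from the report: SHA1 -> size in bytes.
KNOWN_SAMPLES = {
    "0fd62ee9c3bbeab9b62db33226930ed950677a1d": 1921536,
    "541c148cce0871c8cfd70a345cbf26d20fcbca03": 1779200,
    "4ce6d48536dbe88ae5e2aadc2b3cb52f4dfb2475": 2130944,
    "fda265be01430bb10edaa7e7ab5b9a98f7102f00": 7459135,
}
# Files the Cameyo engine writes when it deploys a virtualized package.
VOS_ENGINE_FILES = {"virtreg.dat", "virtfiles.db", "sandboxcfg.db",
                    "virtapp.ini", "diskmodedeploy.marker"}
VOS_DIR = re.compile(r"\\appdata\\roaming\\vos\\([^\\]+)\\(?:.*\\)?([^\\]+)$")
VOS_KEY = re.compile(r"^hkcu\\software\\vos\\([^\\:]+)::(\w+)=(.*)$")
PIPE = re.compile(r"^\\device\\namedpipe\\(.+)$")
CARRIER = re.compile(r"([0-9a-f]{40})_(\d{10})$")   # "<sha1>_<zero-padded size>" sandbox naming
INJECTION_APIS = {"VirtualQueryEx", "WriteProcessMemory",
                  "NtUnmapViewOfSection", "SetWindowsHookEx"}

# Constructed trace, one "<kind> <target>" event per line (kinds: file, reg, api).
SAMPLE_EVENTS = r"""
file c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtreg.dat
file c:\users\user\appdata\roaming\vos\hidden data detector\changes\virtfiles.db
file c:\users\user\appdata\roaming\vos\hidden data detector\sandboxcfg.db
file c:\users\user\appdata\roaming\vos\hidden data detector\enginestamps\diskmodedeploy.marker
file c:\users\user\appdata\local\temp\~df15543afd579f756a.tmp
file \device\namedpipe\mydbg
reg HKCU\software\vos\hidden data detector::carrierexename=c:\users\user\downloads\fda265be01430bb10edaa7e7ab5b9a98f7102f00_0007459135
reg HKCU\software\vos\hidden data detector::basedirname=C:\Users\Hdqrmjdl\AppData\Roaming\VOS\Hidden Data Detector
api VirtualQueryEx
api WriteProcessMemory
api NtUnmapViewOfSection
api SetWindowsHookEx
api GetUserName
"""


def hunt(events: str) -> dict:
    """Scan a trace and report which of the artifacts above it contains."""
    engine_files = defaultdict(set)   # app name -> engine files seen under its VOS dir
    reg, pipes, apis = {}, set(), set()
    for line in events.strip().splitlines():
        kind, _, target = line.partition(" ")
        if kind == "file":
            if m := VOS_DIR.search(target.lower()):
                app, name = m.groups()
                if name in VOS_ENGINE_FILES:
                    engine_files[app].add(name)
            elif m := PIPE.match(target.lower()):
                pipes.add(m.group(1))
        elif kind == "reg":
            if m := VOS_KEY.match(target.lower()):
                reg[m.group(2)] = m.group(3)
        elif kind == "api":
            apis.add(target)
    # carrierexename is the launcher's record of the file that was run; when the
    # name follows the "<sha1>_<size>" convention, check it against the IoC list.
    carrier = reg.get("carrierexename", "")
    m = CARRIER.search(carrier)
    carrier_known = bool(m) and KNOWN_SAMPLES.get(m.group(1)) == int(m.group(2))
    return {
        # three engine files is an assumed threshold, chosen so one stray VOS path is not enough
        "cameyo_engine": sorted(a for a, f in engine_files.items() if len(f) >= 3),
        "carrier": carrier,
        "carrier_is_known_sample": carrier_known,
        "named_pipes": sorted(pipes),
        "injection_cluster": INJECTION_APIS <= apis,
    }


if __name__ == "__main__":
    for key, value in hunt(SAMPLE_EVENTS).items():
        print(f"{key:24} {value}")
```

The mydbg pipe and the injection-API cluster are weak signals on their own (SetWindowsHookEx and WriteProcessMemory are common in legitimate software), so they are returned as separate fields to be weighted in a rule rather than folded into a single verdict; the VOS directory plus the HKCU\Software\VOS key is the part that identifies the Cameyo engine itself, and the carrierexename cross-check is what ties a given run back to one of the four hashed samples.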
