Trojan.Bingoml.AA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	12,030
Threat Level:	80 % (High)
Infected Computers:	48

First Seen:	April 19, 2023
Last Seen:	April 8, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Bingoml.AA
Signature status:	No Signature

Known Samples

MD5: cdddb7e45a34625bc8eb29d85d5d82b7

SHA1: 1dd335d21f52c0f24d90ae2f98d765a075c05f7b

SHA256: 350DA0C00C28191A0F61076B9107BC94DA689DD14A9D728796C3159C22780421

File Size: 45.06 KB, 45056 bytes

MD5: 583e15437d6e04a882257cb6d249253b

SHA1: 92e76cdaf57fecb4209612ee0840a6a4d72b142a

SHA256: E9E9C71D46C23DE8E6FAFA7A2A288F586AD51A3D453CB92F79C2AA3993A1D962

File Size: 44.54 KB, 44544 bytes

MD5: a2d669a79e4f9bb1f79eec6ae0e437e4

SHA1: 82ff29f4c99b06254fbcd5d3b804f809c94a8de0

SHA256: 7D1B9DFFBBC468B6E79F3126315DD1029DF2AD16F3177B38C1876719DB4EAFA0

File Size: 30.72 KB, 30720 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	0. 2. 0. 0
Legal Copyright	Eric.Yan
Product Version	0. 2. 0. 0

File Traits

2+ executable sections
No Version Info
x86

Block Information

Total Blocks:	158
Potentially Malicious Blocks:	6
Whitelisted Blocks:	152
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 x 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Bingoml.A
Dropper.Delf.J

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0cnp3inu.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\84wvnkal.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8wiably1.bat	Generic Write,Read Attributes
c:\users\user\downloads\sftclassiclog.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\sftclassiclog.txt	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	挠睚Ⴌǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	挠睚Ⴌǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	揘㈄䯠ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쑺㈆䯠ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뼿貪잹ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	萒貯잹ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort Show More ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream 88 additional items are not displayed above.
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							C:\WINDOWS\Sysnative\cmd.exe /c ""C:\Users\Ohneecjt\AppData\Local\Temp\84WVNKAL.BAT" "c:\users\user\downloads\1dd335d21f52c0f24d90ae2f98d765a075c05f7b_0000045056""


							WriteConsole: 'KBTEST.EXE' is


							C:\WINDOWS\Sysnative\cmd.exe /c ""C:\Users\Wbtcoavu\AppData\Local\Temp\0CNP3INU.bat" "c:\users\user\downloads\92e76cdaf57fecb4209612ee0840a6a4d72b142a_0000044544""


							WriteConsole:


							WriteConsole: c:\users\user\do


									WriteConsole: start


									WriteConsole:  Ryujinx 0100fc6


									WriteConsole: The system canno


									C:\WINDOWS\Sysnative\cmd.exe /c ""C:\Users\Iibgbfbx\AppData\Local\Temp\8WIABLY1.bat" "c:\users\user\downloads\82ff29f4c99b06254fbcd5d3b804f809c94a8de0_0000030720""


									WriteConsole: cd


									WriteConsole:  /d c:\Users\use


									WriteConsole: IF


									WriteConsole: NOT


									WriteConsole: EXIST SFTClassic


									WriteConsole: goto


									WriteConsole:  fail


									WriteConsole: color


									WriteConsole:  04


									WriteConsole: ECHO


									WriteConsole:   TEST FAIL


									WriteConsole: 1>


									WriteConsole: >


									WriteConsole: SFTClassicLog.tx


									WriteConsole: devcon64.exe


									WriteConsole:  status @*


									WriteConsole:  |


									WriteConsole: find


									WriteConsole:  /i "problem"


									WriteConsole: 'devcon64.exe' i

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Bingoml.AA

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Nextgeeker.com

Mr Beast Discord Scam

Bear Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen