Trojan.Boxter.D

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Boxter.D
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Bandisoft
File Description:
  • Bandizip 7.32 0 Setup
  • Bandizip Professional x64
File Version:
  • 7.32
  • 1.00
Internal Name: TJprojMain
Legal Copyright: Copyright(C) 2011-2023, Bandisoft International Inc. All rights reserved.
Original Filename: TJprojMain.exe
Product Name: Project1
Product Version:
  • 7.32
  • 1.00

File Traits

  • HighEntropy
  • No Version Info
  • WinZip SFX
  • x86
  • ZIP (In Overlay)

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca40a_rar\ce9dd2504a3504dace72a7ec4a50ad39f27d7278_0007253816 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca40a_rar\ce9dd2504a3504dace72a7ec4a50ad39f27d7278_0007253816 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317  RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
