Multi-License Discount Quote

Change Region

English
Threat Database Dialers Trojan.Dialer.GA

Trojan.Dialer.GA

By CagedTech in Dialers, Trojans

Threat Scorecard

Popularity Rank: 19,802
Threat Level: 80 % (High)
Infected Computers: 7
First Seen: May 23, 2023
Last Seen: November 16, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Dialer.GA
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 34f80e4c95022ca5405055bbd789b606
SHA1: 345c0812ce0f80e2ca19c1b423022bcc7c85a797
SHA256: 3574C7CA75F71481EEED44BE9B373D7CE76F917C2F835AF84A6E62A58EA3CB77
File Size: 94.18 KB, 94176 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name A Lifestyle GmbH
File Description aconti NetService
File Version 2.24
Legal Copyright (c) 2000,01 A Lifestyle
Original Filename aconti.exe
Product Name aconti NetService
Product Version 2.24

File Traits

  • packed
  • x86

Block Information

Total Blocks: 407
Potentially Malicious Blocks: 158
Whitelisted Blocks: 238
Unknown Blocks: 11

Visual Map

x x x x x x x x x x 0 x x x x 0 0 0 x 0 x 0 x x x x x x x x 0 x x x x x x x x x x x x x x x x x 0 x 0 x x x x x x ? x x x x x x x x x x x x 0 x x 0 x x x x 0 x x ? 0 x x x 0 x x x x x x x ? x x 0 x x x 0 0 x x x x x x x x x x x x ? x x x x x x x x x ? 0 x x x x x x x x x x x x x x x x x x x 0 x x x x ? x x x x x x x x x 0 x 0 x x x x x x 0 x x x ? 1 ? 0 0 ? x x ? x x x ? x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\aconti.log Generic Write,Read Attributes
c:\windows\aconti.dat Generic Write,Read Attributes
c:\windows\aconti.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\aconti.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\aconti.sdb Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::aconti C:\WINDOWS\aconti.exe -auto RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\aconti::displayname aconti RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\aconti::uninstallstring C:\WINDOWS\aconti.exe -uninstall RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute

Shell Command Execution

(NULL) C:\WINDOWS\aconti.exe -firstrun

Trending

Most Viewed

Loading...