Trojan.Disabler

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 7,008
Threat Level: 90 % (High)
Infected Computers: 541
First Seen: July 24, 2009
Last Seen: March 23, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor     Detection
AVG                  Win32/Dzan.B
AntiVir              HEUR/Crypted
BitDefender          Trojan.Generic.2204956
Avast                Win32:Disabler [Trj]
F-Prot               W32/Bifrost.Q.gen!Eldorado
AVG                  unknown virus Win32/DH.00000000{00008208-00000000-
Ikarus               Email-Worm.Win32.Brontok
Antiy-AVL            Trojan/Win32.Disabler
McAfee-GW-Edition    Heuristic.LooksLike.Win32.SuspiciousPE.J
AntiVir              TR/Gendal.3059368.4
Comodo               TrojWare.Win32.Disabler.I0
BitDefender          Trojan.Generic.3059368
ClamAV               PUA.Packed.FSG
Avast                Win32:Malware-gen
NOD32                Win32/Disabler.I

Analysis Report

General information

Family Name: Trojan.Disabler
Signature status: Root Not Trusted

Known Samples

MD5: 549da3a396ae13b9109bde2d1f29dc40
SHA1: da274c563598e1d6d1589df2e1eb64b4d28f603a
SHA256: 3D946939605636D2FF1BCFAD0AC35D5FC2D21364AE2F324B10502112E3C56FB7
File Size: 103.55 KB, 103552 bytes
MD5: fad10459662a996602afed94514de714
SHA1: 18b728bf435e869b7cfa07fe7798f577142453c8
SHA256: 9738CE648B7C1A36DDDAA197492F0FEE6EEB8B368252497C496D027E1AA8A157
File Size: 3.45 MB, 3445760 bytes
MD5: 238c16a0800c14b6068021fe38e903ec
SHA1: 9209966d8c2bb7e5abc14909f035c171699fc3af
SHA256: 6A71C8AC1309B3272DA941425314DAD8D9C297EE94CBC78D8C208648E717132E
File Size: 112.14 KB, 112144 bytes
MD5: c42c6504d247aec0debd106d6617be1e
SHA1: 79456828862223a1c10bb0754f1cf037c125c43d
SHA256: B3E9A1AF26B66959ED4AB714FBDBBACF9A3B749A25114907FB5A9D174EE2FB8B
File Size: 112.14 KB, 112144 bytes
MD5: f970a59a728c152ebdbd8e45f26ac9d8
SHA1: ee6390f8798ffefd4472b427a4078e0c68286add
SHA256: FA544F8E0146D5F12BD904F65C2E999E475A525FF676350F90289A0CA834C21F
File Size: 169.47 KB, 169472 bytes
MD5: adb0d247ab2e257179cb47fda5ac84ad
SHA1: c1beecb44fcef56b51e17093a28ede5f5bfde553
SHA256: 430F045CB7BE47862C90766076424FD343BABB76DF1A7369FD650AE94DE95A51
File Size: 112.15 KB, 112152 bytes
MD5: 4145076aabfda767957a073140132580
SHA1: 493b5742ee075da607e12d03315af25886bfa4be
SHA256: 1D1E563B67F2FBF75E074568DE80D8FD9DC8D4B7A872FA61BC9433557DCB6BA0
File Size: 100.37 KB, 100368 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name              Value
Comments          Be Happy 🙂
Company Name      simplix
File Description  UpdatePack 7 / 2008 R2
File Version      25.10.15.0, 25.9.10.0, 25.7.10.0, 23.5.10.0, 22.2.10.0
Legal Copyright   simplix
Product Name      UpdatePack for Windows 7 SP1 & Server 2008 R2 SP1 Universal
Product Version   25.10.15.0, 25.9.10.0, 25.7.10.0, 23.5.10.0, 22.2.10.0

Digital Signatures

Signer                 Root                                         Status
Alexander Lomachevsky  SSL.com Code Signing Intermediate CA ECC R2  Self Signed
Alexander Lomachevsky  USERTrust RSA Certification Authority        Root Not Trusted

File Traits

  • golang
  • HighEntropy
  • Installer Manifest
  • No Version Info
  • packed
  • x64
  • x86

Block Information

Total Blocks: 84
Potentially Malicious Blocks: 7
Whitelisted Blocks: 62
Unknown Blocks: 15

Visual Map

0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 x 0 ? 0 x x ? 0 0 ? ? x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 x 0 0 0 ? ? 0 ? 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AdGazelle.A
  • Agent.IFF
  • Agent.XCO
  • Chapak.CBC
  • Chapak.HC
  • ClipBanker.UDB
  • Dapato.ACA
  • Downloader.Agent.TJ
  • Filecoder.VBC
  • Mobogenie
  • SearchSuite.C

Files Modified

File | Attributes
\device\harddisk0\dr0 | Generic Read, Generic Execute, Write Data, Write Attributes, Write extended, Append data, Delete, LEFT 786496
c:\users\user\appdata\roaming\microsoft\protect\securityhealthsystray.exe | Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\user\appdata\roaming\microsoft\protect\securityhealthsystray.exe | Synchronize, Write Attributes
c:\users\user\appdata\roaming\microsoft\protect\securityhealthsystray.exe | Write Attributes
c:\users\user\downloads\18b728bf435e869b7cfa07fe7798f577142453c8_0003445760 | Write Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\services\partmgr::enablecounterforioctl | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::realtek hd audio universal service | C:\Users\Vtmzrwfd\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | [unprintable binary data] | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr | (empty) | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushBuffersFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletion
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtUserCallNoParam
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserShowWindow
Network Winsock2
  • WSAGetOverlappedResult
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Other Suspicious
  • AdjustTokenPrivileges
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Network Info Queried
  • GetAdaptersAddresses
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • socket
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\WINDOWS\system32\attrib.exe attrib +h +s c:\users\user\downloads\18b728bf435e869b7cfa07fe7798f577142453c8_0003445760
C:\WINDOWS\system32\attrib.exe attrib +h +s C:\Users\Vtmzrwfd\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\WINDOWS\system32\reg.exe REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
WriteConsole: The operation co
