
Trojan.Dorkbot.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,896
Threat Level: 80 % (High)
Infected Computers: 25
First Seen: December 6, 2018
Last Seen: December 28, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Dorkbot.B
Signature status: No Signature

Known Samples

MD5: 10b029115108d406b88b70ca391480c9
SHA1: 404bd0dd3f2ca6c13e6c18e5d4708b9e70e8c5a8
SHA256: A2EF6AD63D42BF44A92D5BFFB8094A98FD7D5993D61093771C8E8CA40064C44A
File Size: 6.99 MB, 6986251 bytes
MD5: e201d666e4196b3df43ce780ceab46e3
SHA1: 11b93da82b05abc8157943b59e4e9bf4353bbe33
SHA256: BEECEFB09F237715E6BC6337607A4D8A42151AF1AB8822736A81A00FED496AA2
File Size: 316.98 KB, 316984 bytes
MD5: 5453a1d47e632cc65da81eef5460a25b
SHA1: bd972b64e081e5dc09e2c344f58fd9fbccbf28a8
SHA256: 35C821AE3BDFBF351FA9027C6737FFBE44BE29F362CD6388760DEE2729173460
File Size: 5.25 MB, 5249032 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 2.5.11.0
Comments Aktualizator komponentow AnoMail
Company Name
  • AnoMail.pl
  • Nanosoft
File Description
  • Verim Enterprise SQL Database Schema Sync Tool
  • Wewnetrzny aktualizator pakietu AnoMail 2015
File Version
  • 5.09.0005
  • 2.5.11
Internal Name
  • am-Serwisowy
  • VerimSqlDBupt.exe
Legal Copyright
  • Copyright (C) 2012 Nanosoft
  • P. Rusiecki 2015
Legal Trademarks AnoMail.pl
Original Filename
  • am-Serwisowy.exe
  • VerimSqlDBupt.exe
Product Name
  • AnoMail Moduł Serwisowy
  • Verim Enterprise SQL Database Schema Sync Tool
Product Version
  • 5.09.0005
  • 2.5.11

Digital Signatures

Signer: AnoMail.pl
Root: AnoMail.pl
Status: Self Signed

File Traits

  • big overlay
  • HighEntropy
  • x86

Block Information

Total Blocks: 148
Potentially Malicious Blocks: 1
Whitelisted Blocks: 82
Unknown Blocks: 65

Visual Map

[Block map omitted: the 148 analysed blocks were rendered as a grid of 0 / ? / x markers, with a single x in the latter part of the file.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\downloaded installations\{5153a73c-cee4-41f1-a222-8c9f3736f38d}\hdd regenerator.msi Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\_is66b2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is66e2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is6732.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is685c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is729f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_msi5166._is Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\data0008.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hr2011.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{d517c977-e512-4f0e-acb4-b92f735dc664}\0x0409.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{d517c977-e512-4f0e-acb4-b92f735dc664}\_ismsidel.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{d517c977-e512-4f0e-acb4-b92f735dc664}\hdd regenerator.msi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{d517c977-e512-4f0e-acb4-b92f735dc664}\setup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6731.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~729e.tmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 [non-printable binary data] RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute

Shell Command Execution

(NULL) C:\Users\Qehqwxbx\AppData\Local\Temp\hr2011.exe
(NULL) C:\Users\Qehqwxbx\AppData\Local\Temp\data0008.exe
