Trojan.FileSponger

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 7,320
Threat Level: 80 % (High)
Infected Computers: 490
First Seen: September 2, 2023
Last Seen: March 19, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.FileSponger
Signature status: Hash Mismatch

Known Samples

File Size: 87.98 KB, 87976 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: MAGIX Computer Products Intl. Co.
File Description: Error Reporting Component
File Version: Version 1.0 (Build 5268) 64-bit
Internal Name: ErrorReport.DLL
Legal Copyright: Copyright (c) 2020 MAGIX Software GmbH. All rights reserved.
Original Filename: ErrorReport.DLL
Product Name: Error Reporting Component
Product Version: Version 1.0 (Build 5268) 64-bit
Sf Char Set: UNICODE
Sf Lang ID: SBCS:409
Sf Lang Name: English (U.S.)

Digital Signatures

Signer: ProteinHost, Root: ProteinHost, Status: Hash Mismatch
Signer: MAGIX Software GmbH, Root: Symantec Class 3 SHA256 Code Signing CA, Status: Hash Mismatch

File Traits

  • dll
  • x64

Block Information

Total Blocks: 17
Potentially Malicious Blocks: 0
Whitelisted Blocks: 14
Unknown Blocks: 3

Visual Map

? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
