Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.GenCBL.A

Trojan.GenCBL.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,253
Threat Level: 80 % (High)
Infected Computers: 365
First Seen: November 9, 2021
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.GenCBL.A
Signature status: No Signature

Known Samples

MD5: 24726441550f5b68db7d7c25a956980f
SHA1: 5711053c855447806561065e6ec48239288531cd
SHA256: CDE984E4C5851216FB06A2BD7EFB30DDE36C70E95D6B424374E158B1320DA5D8
File Size: 864.77 KB, 864768 bytes
MD5: b684be12db8abc72d7c5d9337137499b
SHA1: 3c548612d22d81b646492e2d2cda3fd8cc1ed642
SHA256: 5D0692C34511864E589EB865A838274E0F50B0E80533C24A275E5FFD647241AF
File Size: 1.21 MB, 1214976 bytes
MD5: 474a1512bea81bff6f45b9c811c4da93
SHA1: 789182366813b29c030741892fdb77488b4d04dd
SHA256: 09A5C04B70DAE618637219FFD126D58DE01BA97587AD02131A30C11237EF095F
File Size: 898.05 KB, 898048 bytes
MD5: db974ea2a410062c8bb64478e9ebbda7
SHA1: 8d84f701b7e1508f6cb7d1acc4e8eb5da1a06ec7
SHA256: 41951EB38C04D3A80D94E9B3EE6DC4B1EA562E15FD646538B42BC0CC5B5220B6
File Size: 1.16 MB, 1157120 bytes
MD5: fa1d5a675df0b5894034f3c9dd2fbcd6
SHA1: 471dd7ffe351326f8f81d5c7b16a79c52ee0d3e4
SHA256: A354228954AF54F86CFAAEB558F97D91E4C1A982C05336F2BAD5485B5A8565ED
File Size: 1.26 MB, 1261056 bytes
Show More
MD5: 1e43997231ce3581265ba03f95803122
SHA1: 61f1cccc53974fd04dd4d7759dc7061bbb045a5c
SHA256: 0807B1C8D92C67D76A8D02404073BE039D7230E5D2275182403057CCEFCCBDE7
File Size: 1.02 MB, 1021440 bytes
MD5: 4c62d50f520eee1be27d762100779fe6
SHA1: c692b67461d180d23af47b9dcdf732582d507ad3
SHA256: 2E2D49341D1A06B4ECCBBD7832C87DCCE2B1962F4A37E5D4E28ADEBF000EC3FD
File Size: 1.42 MB, 1421088 bytes
MD5: dfde2a890aececf3e7e1173f121e1fea
SHA1: b65f7a9c9aac5cf10b006f46dbaef9566bb7f3b9
SHA256: E8C929C3483AE157D6969CB65C902F70EBEA30AB71B59E7F62E64AA9107D3177
File Size: 1.40 MB, 1403680 bytes
MD5: 08a3dc798aa091a9437d7990f8629ec2
SHA1: 9133e42f538190a5e5016e86d2e8bc39a8db9c8a
SHA256: 2DC170392A2054A79D92A33DCCF5D06F2D5B67246E51A89C3B6062862062E191
File Size: 1.19 MB, 1186304 bytes
MD5: 62f37a08f420750623b450bdfded1c85
SHA1: 6e84b2f2a6a8079e86e02073488184be56a7aae0
SHA256: 6E5D8FB1D4A81080ACD011BD27B3CACD8762066DB19639A3A149D05E8F432675
File Size: 836.10 KB, 836096 bytes
MD5: 95ccfdeba8e532fdf6e1cc494a12de4d
SHA1: ea36129d1ffdf034203d4f3890c89a54cea7db64
SHA256: 322D312B2ABBB0DE17E13C2D7A940B8B0F5FBE99E98899521A6E0331DACE1CCE
File Size: 1.39 MB, 1385248 bytes
MD5: 572cb6c4165616776218386b831a1bbc
SHA1: ba8fd539f05be2b7829f246f30d2ef8ae69fe1d4
SHA256: 5757963CEE11C0698480A60291FA9CD8CBF0E2D60C39D1E9695EDF86C9A0C50C
File Size: 1.38 MB, 1376544 bytes
MD5: a3d8e01d5bde2e59df580065a28dc4b1
SHA1: 2f5cced4af8be7638161b1c1121ad9d45b219a9f
SHA256: A13741E36F47842FBE210DF2A6F25BBB5AF159FE98545AFE2779DC1EDAC77244
File Size: 1.20 MB, 1200128 bytes
MD5: 21bfd6224e3747ee578e65256915823e
SHA1: ba0d295ccd236e2ebf7c0f742b4f636b0852a5de
SHA256: 307CCDF5DDF086DBF17F17C7EE73540124946596DD301B53BA09DD3C93B61E89
File Size: 868.35 KB, 868352 bytes
MD5: ef0e776b36afd206950cb6c27a9773e3
SHA1: 76ecfb58b785bc2b4651088432e151d59f64bc75
SHA256: BFBBF94846BA624F09A80E0D858ECCC968420E0ECB4FBF3A95ED348BDFCF9433
File Size: 1.24 MB, 1242624 bytes
MD5: 61c644a3b0792959d570c7e43394dcd8
SHA1: 7c0b687d334d2594f6556757b8d75a19a353933b
SHA256: 4AB20DCE208EBCA2021A73475C3F35D4BB8507921BBEC205626B9F067895B97C
File Size: 1.10 MB, 1102848 bytes
MD5: ba3e969d8a68af32ac237b80032d6a66
SHA1: 832d4bc9ef87dd9d22d5656553cff3a6748ec972
SHA256: F1E0F3BA79BA53D5EE89E5D53F3A3A8124752BDF99705D4137242568CEFC0027
File Size: 1.33 MB, 1332736 bytes
MD5: f028cead1ccd4d94928a4c442df7a193
SHA1: fece035ad871918415f2c8b9c701072d9662e02f
SHA256: 7D93D59BE3CA30C7F031CD2DC64C2C955B0E0844BCEA2A408148E53FB31255F9
File Size: 1.34 MB, 1341440 bytes
MD5: 9774e43a34c78671a5e9a5f9fd53fcb3
SHA1: 256a47292795a6737b3923c7b1616ca3425a313a
SHA256: 3517BDE960C190D914396EA28E9EBEE972A0DBE050C929C046EF48CD974CB888
File Size: 1.21 MB, 1210368 bytes
MD5: 152fec83af40ce4dbdad4e3adcc38c4b
SHA1: 538e32860f0d0014fb40fd58531d9dee47c840b7
SHA256: 1704C6274FF146BB2C4E51DAB23BB223399670650A479B23AC307941D759DA1A
File Size: 1.34 MB, 1339904 bytes
MD5: 910658046e297995e47dd1d42d46f520
SHA1: 50ee2b65eff36e4ec4b52c894fbe59259f87438d
SHA256: 11AD8C1A04A914140E6F298002E8CF55CA50175EFDEDCE2FD8B64CB167E25E98
File Size: 1.34 MB, 1341440 bytes
MD5: 7947e9299b8ef8f39bd85481afb2bed9
SHA1: 4fe8303a74d65e726a373d87862a6c10ed79aeaa
SHA256: 839F9D8B30FFEE00AF86B550E099C777C8250D0EB94DCA9786BA82C431E74103
File Size: 1.28 MB, 1283584 bytes
MD5: 23849187b16c160ff2c50ee27f050fc0
SHA1: 83b3aa9eb58c64c7050a59db1caa688b77b0321a
SHA256: 987CB7027D334EF26E69E93670C4A821F3B590CBD4FBD80FA9F5846690629A66
File Size: 883.71 KB, 883712 bytes
MD5: 91bac2aae365cb11ed548183f65b2f9c
SHA1: fbe9b7e3d54e5fdc92613a955e0f6875e3eb950b
SHA256: BA90A1B3A1DEBDD51A422ABD69A0A2A94E61B1EAFE00AA6E580B6CF8D309BF0A
File Size: 1.18 MB, 1184256 bytes
MD5: e2430bb65a1291cbe68f2e44cb8c46cb
SHA1: 7fe72ceb27b7bf5daf46c25dc14fa6fc820b67d0
SHA256: AD861BAB957265B27BBD9B8F8FD9BD650AC9843ED0B05BE7F0D0B7ADB1A96F97
File Size: 1.42 MB, 1422624 bytes
MD5: ba410b9a332ee9e8e43a9ef94dc6b196
SHA1: a29bf1c2df800ef3447e996c7fae68470e95d0e4
SHA256: 1FDD76D59F30C92C328D47689E0F28931F8227819DD15058A96E61AEB584AA0A
File Size: 1.28 MB, 1280512 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer Root Status
OpenVPN Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch

File Traits

  • dll
  • fptable
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 2,728
Potentially Malicious Blocks: 1,054
Whitelisted Blocks: 1,611
Unknown Blocks: 63

Visual Map

? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 x ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? x ? ? 0 ? ? ? x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 ? x x 0 0 0 ? 0 ? 0 x x 0 ? 0 0 0 0 x 0 0 ? ? 0 0 0 0 1 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x ? 0 x x x x x x x x 0 x x x x x x x 0 ? x x 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 ? ? 0 0 0 0 0 0 0 x 0 x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x x 0 0 0 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 ? x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 x x 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x x x x x ? ? x x x ? ? ? x x x ? ? x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\btbfwbjkrkcooijeg.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fbbuwuucbindzfirmluyujt_fqrrjjzihjqurooxmjmojas.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\haoqgmkoutzdsxtctivtbiuzke.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiuygehpsutiwgdhmicroemp.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hmolmdlihrzpfoqwgf_qofjqscwcunzpt.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ijvuohhsvocelyefsqmqr_rqmshuuozkynrxbtqaauu.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lscgujilvkzefejqvcrxc_cjrxwshwrbkkjiafestwucy.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\naclhrqqcvzqtfbrmsj.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ohpmmrlqkqlavxetmkbh.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_11537.txt Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\test_9614.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uezvmlomsnkljcxlmezk_zissjjhjglhkee.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uuebnoijkxhidlpe_ntuhqgdflrthkiqttzpxqop.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xfyioxchzigkevjnwaq.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\bpqggszqnktphbvapmotzl::wbmvombgtsgzlswtgjzy byoxDWkUglrjoEhY RegNtPreCreateKey
HKCU\software\eqlqfhmampqiargpp::dsjvis RegNtPreCreateKey
HKCU\software\ncxhhleigzxdaofxpog::dsjvis RegNtPreCreateKey
HKCU\software\vfsrhhmltgsmmtpvnnjzxm::dsjvis RegNtPreCreateKey
HKCU\software\amtghlpjqqqennqqafa::dsjvis RegNtPreCreateKey
HKCU\software\dbuvpqdakcbiyqiisfdzklhtii::dsjvis RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
Show More
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...