Trojan.MSIL.Agent.ASC
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 2,200 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 637 |
| First Seen: | October 24, 2022 |
| Last Seen: | May 21, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.MSIL.Agent.ASC |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
512fba0e45bdaff7751e98259b7fc60a
SHA1:
12a3c8467085c6d88cf0b8b2978ddb6de964ec23
SHA256:
A89F0597DC16911AF7F6A65A7873C1B8550167D4F56BA21998DF6896A721F5CF
File Size:
22.02 KB, 22016 bytes
|
|
MD5:
b1b1821e0c0602bc0b105ac1adec9ee5
SHA1:
ecb99f5bda33984335b2104f15492e72bd46db56
SHA256:
F0531D00E82BCFC5751B212F4E95758767F84980E35FD09338122974D62202C5
File Size:
23.04 KB, 23040 bytes
|
|
MD5:
8375f3c68fa79586de08ffb9911cf4cd
SHA1:
b0311d1af17a98518dc5c21c0f5921114e6a5933
SHA256:
AE7CF1B2C3DDAA272B55BD74642983AE80EC85CBEDD75E4AD00C4EE139E1E90D
File Size:
15.36 KB, 15360 bytes
|
|
MD5:
991ffadefc1da0f8880bfc37cae80701
SHA1:
0275792a4641da67f1684ae3bd623fad0588dcd9
SHA256:
B83E59449D17A5A51181669BE0F227951EADF690AF37B567A39D3905E1E931C8
File Size:
57.34 KB, 57344 bytes
|
|
MD5:
061c00d5a89797def413c44de2d352d1
SHA1:
bd68db8f43488a3ee19d13c5bc2508ba9113078f
SHA256:
172742ACA117A40A3C3C03D557372B49A12959053EAEFF3C2CA13A7AFCE6E878
File Size:
61.44 KB, 61440 bytes
|
Show More
|
MD5:
602667f226480679a4f66676dccb1754
SHA1:
31cd67fb5f26468eb0bd9fd15d48e45c66875bfe
SHA256:
571627356B6219D116805974345693B90EF5301917F9681FC4DAA34E2B781B53
File Size:
11.26 KB, 11264 bytes
|
|
MD5:
e756ef8191a753b973ae15217cf17a1b
SHA1:
637fcdbc9ccd833827ef2a9284f71a0884d81739
SHA256:
1061A8B8F308AB59EB120823FEE57D20EE5A2DEDE1D5E7CFAFA104D17A8EFEE2
File Size:
24.06 KB, 24064 bytes
|
|
MD5:
9a73f73f2ab3ce39eb27f64d76153531
SHA1:
00bde344a7def67f0b06a61070daaad7cd181458
SHA256:
59349BD42733B478B402B4F9386583746BFF01960ADA6AF3F88E6E21C0E5279E
File Size:
71.68 KB, 71680 bytes
|
|
MD5:
ca09108b5c119b226a86b97c6d62a893
SHA1:
b87e3f2fdbcd9e00dba5321fc9cd367d92a95ce3
SHA256:
6E32B2D2A1DAA7394E824B2E0D13426095C0200F91C388DB7D0D48FFA7D458AF
File Size:
50.18 KB, 50176 bytes
|
|
MD5:
cb1654f97f6f8ecb620ef25981d4528b
SHA1:
064c9bd804bf9802dfe2eb881d860de3d74cc632
SHA256:
44C102E5D468985C50D1BBC290DB22C9371EC0F7DCF726D0BF3B19390120DB04
File Size:
198.14 KB, 198144 bytes
|
|
MD5:
cd913da9047bb2a2ea48d6a79f57e29d
SHA1:
13a6fd48b4d6d271b9de1b1407f50d10b7ba1218
SHA256:
6A919AD74C14870B1AB5888FA7A96C74ECC2AF1A1BBBB8E7E6E3F267D3B33D3D
File Size:
14.34 KB, 14336 bytes
|
|
MD5:
0ec80c2c82fda27d8cb43906920929be
SHA1:
b31edf236e8e8ffa1ae34a73e7f7b0409cc6337c
SHA256:
D85847904CFEA208EFD890FDE54F940F9186899B374F240394E4F6A0031937F8
File Size:
32.77 KB, 32768 bytes
|
|
MD5:
445ccab5cdb970bbce878bbb989c374f
SHA1:
6c5ceaacf8532b9dfc94a3c8ee946f25f0a47ebc
SHA256:
A67ECDB70C3558435BBDC9B4CAD63DB4024255B3A95A8107E3A66876E16EE8C3
File Size:
391.17 KB, 391168 bytes
|
|
MD5:
98fed55c99ffb9592b673cea9f7ec3c3
SHA1:
b121ac5f7074f12032f90916b073150d6ad7cd03
SHA256:
CF66F2EE294862E127ACEA77F06712599F589B60D6AC547E773067D1A1C3958C
File Size:
8.19 KB, 8192 bytes
|
|
MD5:
f2e71be559cea413a8f9f6bf54807f2d
SHA1:
624bdb2d85499dc07d7393afa06e970ab276983c
SHA256:
2B7C8F9CD42769061A91E0A16C750486A38CAD5D926F23650CD6BF7ACD085D1A
File Size:
7.68 KB, 7680 bytes
|
|
MD5:
5bd59098abda414376b52bcef5c28224
SHA1:
a5e5ce560fe952d7cc65cba4c949891527d5be9d
SHA256:
8D5650A4EC64CAFA70117E1FE3F200695ACEF11C8F1531779C06CDAC14123D54
File Size:
32.77 KB, 32768 bytes
|
|
MD5:
1f7eb6d4d586be7b1b5ec44243b439fb
SHA1:
91dcab02a92a64b411a06e7d2696dc8ee8d63e2f
SHA256:
B84E67877AD1B8A250ABCB50AE18BA98F0719EAB639B3EE034F94A5E1F874D61
File Size:
305.66 KB, 305664 bytes
|
|
MD5:
161dc4f7cf08d1ba96a65f9f7dd7d7ed
SHA1:
050d8e52c950680e0fcf106dbea1104f29187154
SHA256:
81614E805052B79325067A42A1B8E942C80250A196C5EC76A66BD620CCBA814B
File Size:
32.77 KB, 32768 bytes
|
|
MD5:
84e265febad37591ff5882b0a626e827
SHA1:
325153643905cdcf08dd2261316396a0ea375cda
SHA256:
98D8866857C555557B1046361D9998BCB6577A91DB7F4CD5960E2E0609E45061
File Size:
32.77 KB, 32768 bytes
|
|
MD5:
e67f8bbed23ce3decf44644793fe0fdc
SHA1:
2cf25509f747a2900e3e1fe06b2592d0fffe3038
SHA256:
29CAB1A4DCD48D107AF8D7C5E5EE25CB7492AF7D4AF31A70E6D736F85A47B66D
File Size:
14.34 KB, 14336 bytes
|
|
MD5:
3c2205717ab0e6abbb4e919a2a6c07ca
SHA1:
e3f2c55e3e7b09b90366ea62f2e04b4ef7667f8e
SHA256:
DB92FF36BD8F230422E9EA768139E72244812FA09F480A897F98F09825EC79B1
File Size:
7.68 KB, 7680 bytes
|
|
MD5:
c2a1157f627c0b709b3c73e13e3300ec
SHA1:
8f213e6f9e93bf9788342bfb1ef9e02156510553
SHA256:
5CA75724BEF33E9035EC611461F33F7EA597390B7EFCACA5B79AA92958BE70A6
File Size:
7.68 KB, 7680 bytes
|
|
MD5:
c930e7a2f7805c75b7f3527180ff10cc
SHA1:
675bb0ed91429e1d376d80b7cea8568c7f9a74f6
SHA256:
4AC49EA3EA6276DA03F7325FC99673469C29C71E4911619E3022989FA43CEE3B
File Size:
14.34 KB, 14336 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name |
|
| Original Filename |
|
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 20 |
|---|---|
| Potentially Malicious Blocks: | 12 |
| Whitelisted Blocks: | 6 |
| Unknown Blocks: | 2 |
Visual Map
x
0
0
0
x
x
x
x
x
x
x
?
x
x
?
x
x
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.Webshell.AA
- MSIL.Webshell.BV
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
