Trojan.MSIL.Agent.BIA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
|---|---|
| Infected Computers: | 3 |
| First Seen: | May 4, 2022 |
| Last Seen: | October 24, 2025 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.MSIL.Agent.BIA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 3 |
|---|---|
| Potentially Malicious Blocks: | 2 |
| Whitelisted Blocks: | 1 |
| Unknown Blocks: | 0 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Agent.BIA
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Anti Debug | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- (NULL) C:\inetpub\steamwebhelper.exe
- (NULL) C:\Users\dorik\AppData\Local\Discord\Update.exe.exe
- (NULL) C:\Users\PC\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateCore.exe.exe
- (NULL) C:\Users\PC\Searches\NisSrv.exe.exe
- (NULL) C:\Recovery\SurrogateComponentRuntime.exe
- (NULL) C:\Program Files\CCleaner\CCleaner64.exe.exe
- (NULL) C:\TDPremium\conhost.exe
- (NULL) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe.exe
- (NULL) C:\Recovery\OEM\conhost.exe
- (NULL) C:\Users\Acer\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.exe
- (NULL) C:\qLoader\backups\steamwebhelper.exe
- (NULL) C:\Users\maksj\AppData\Local\Discord\Update.exe.exe
- (NULL) C:\system.sav\Logs\msedgewebview2.exe
- (NULL) C:\AMD\Chipset_Software\Packages\Apps\brave.exe.exe
- (NULL) C:\Saves\goodbyedpi.exe
- (NULL) C:\Program Files (x86)\Yandex\YandexBrowser\Application\browser.exe.exe
- (NULL) C:\Dokumente und Einstellungen\lsass.exe
- (NULL) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe.exe
- (NULL) C:\IntelOptaneData\service_update.exe
- (NULL) C:\Recovery\OEM\Acerlogs\nvcontainer.exe.exe
- (NULL) C:\Choppa Store\Sunshine\tools\asus_framework.exe.exe
- (NULL) C:\Users\Denilson\Saved Games\The Last of Us Part I\users\conhost.exe.exe
- (NULL) C:\XboxGames\GameSave\pgs\fontdrvhost.exe
- (NULL) C:\Recovery\AutoApply\CustomizationFiles\NVIDIA Overlay.exe.exe
- (NULL) C:\CCleaner\CCleaner64.exe.exe
- (NULL) C:\GOG Games\Heads Will Roll Reforged\renpy\common\_placeholder\MsMpEng.exe