Trojan.MSIL.Agent.FRT

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Agent.FRT
Signature status:	No Signature

Known Samples

MD5: 560505643d101f6ef1461d957cac982d

SHA1: 33386a7d23677c0481e15879a7bab49332a15c33

SHA256: 2ED7B651E973EA14128A19AB309355D79409A9D1E2B9009BE5FF179A6EB9408C

File Size: 475.14 KB, 475136 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	0.0.0.0
File Version	0.0.0.0
Internal Name	MitaPointer.exe
Original Filename	MitaPointer.exe
Product Version	0.0.0.0

File Traits

.NET
x86

Block Information

Total Blocks:	2
Potentially Malicious Blocks:	2
Whitelisted Blocks:	0
Unknown Blocks:	0

Visual Map

x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Agent.FRT

Files Modified

File	Attributes
c:\programdata\simplecursormaker\cursor\alternate.cur	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\busy.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\diagonal1.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\diagonal2.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\handwriting.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\help.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\horizontal.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\install.inf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\link.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\move.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\programdata\simplecursormaker\cursor\normal.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\person.cur	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\pin.cur	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\precision.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\text.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\unavailable.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\vertical.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\simplecursormaker\cursor\working.ani	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimerEx ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx
Other Suspicious	AdjustTokenPrivileges

Shell Command Execution


							runas C:\Windows\System32\InfDefaultInstall.exe C:\ProgramData\SimpleCursorMaker\Cursor\install.inf

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Agent.FRT

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

SpywareDestructor, Trojan.Downloader.vzu,...

Troj/JSAgent-CK

Jewelstastesrecovery.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen