Trojan.MSIL.Agent.GFDA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 21,471 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 14 |
| First Seen: | September 11, 2024 |
| Last Seen: | April 5, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.MSIL.Agent.GFDA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Agent.GFDA
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Other Suspicious | |
| Anti Debug | |
| Encryption Used | |