Trojan.MSIL.Agent.SKI

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Agent.SKI
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Dynamic framework that simplifies your scalability. User-friendly engine that accelerates your data. Reliable framework that manages your productivity. Dynamic framework that simplifies your scalability. User-friendly engine that accelerates your data. Reliable framework that manages your productivity. Dynamic framework that simplifies your scalability. User-friendly engine that accelerates your data. Reliable framework that manages your productivity. Dynamic framework that simplifies your scalability. User-friendly engine that accelerates your data. Reliable framework that manages your productivity.
  • Dynamic service that controls your operations. Robust system that boosts your data. Reliable software that coordinates your security. Dynamic service that controls your operations. Robust system that boosts your data. Reliable software that coordinates your security. Dynamic service that controls your operations. Robust system that boosts your data. Reliable software that coordinates your security. Dynamic service that controls your operations. Robust system that boosts your data. Reliable software that coordinates your security.
  • Innovative application that controls your files. Seamless solution that analyzes your storage. Smart technology that optimizes your productivity. Innovative application that controls your files. Seamless solution that analyzes your storage. Smart technology that optimizes your productivity. Innovative application that controls your files. Seamless solution that analyzes your storage. Smart technology that optimizes your productivity. Innovative application that controls your files. Seamless solution that analyzes your storage. Smart technology that optimizes your productivity.
  • Nosiva Nosiva Nosiva Nosiva Nosiva Nosiva NosivaNosiva Nosiva
  • Scalable module that manages your system. Smart solution that improves your analytics. Lightweight tool that controls your operations. Scalable module that manages your system. Smart solution that improves your analytics. Lightweight tool that controls your operations. Scalable module that manages your system. Smart solution that improves your analytics. Lightweight tool that controls your operations.
  • Secure program that accelerates your analytics. Advanced extension that controls your system. Intelligent assistant that analyzes your automation. Secure program that accelerates your analytics. Advanced extension that controls your system. Intelligent assistant that analyzes your automation. Secure program that accelerates your analytics. Advanced extension that controls your system. Intelligent assistant that analyzes your automation.
  • Secure technology that improves your analytics. Cutting-edge program that customizes your processes. Smart framework that customizes your performance. Secure technology that improves your analytics. Cutting-edge program that customizes your processes. Smart framework that customizes your performance. Secure technology that improves your analytics. Cutting-edge program that customizes your processes. Smart framework that customizes your performance. Secure technology that improves your analytics. Cutting-edge program that customizes your processes. Smart framework that customizes your performance.
  • User-friendly system that detects your files. Dynamic platform that boosts your analytics. Innovative AI that optimizes your speed. User-friendly system that detects your files. Dynamic platform that boosts your analytics. Innovative AI that optimizes your speed. User-friendly system that detects your files. Dynamic platform that boosts your analytics. Innovative AI that optimizes your speed.
Company Name
  • Acetone
  • Duxugu
  • Ecahaq
  • Eqabot
  • Nosiva
  • Uvumaj
File Description
  • Abstraction
  • Ayajoj
  • Fecafe
  • Ivedat
  • Iwipiz
  • Okapug
  • Saqiha
  • Tepubi
File Version 1.0.0.0
Internal Name
  • Acetone.exe
  • Duxugu.exe
  • Ecahaq.exe
  • Eqabot.exe
  • Etosad.exe
  • Nosiva.exe
  • Obojaq.exe
  • Uvumaj.exe
Legal Copyright Copyright © 2025
Original Filename
  • Acetone.exe
  • Duxugu.exe
  • Ecahaq.exe
  • Eqabot.exe
  • Etosad.exe
  • Nosiva.exe
  • Obojaq.exe
  • Uvumaj.exe
Product Name
  • Abstraction
  • Ayajoj
  • Fecafe
  • Ivedat
  • Iwipiz
  • Okapug
  • Saqiha
  • Tepubi
Product Version 1.0.0.0

File Traits

  • .NET
  • x86

Block Information

Total Blocks: 123
Potentially Malicious Blocks: 38
Whitelisted Blocks: 77
Unknown Blocks: 8

Similar Families

  • MSIL.Agent.SKG
  • MSIL.Agent.SKH
  • MSIL.Agent.SKI

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
