Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Agent.XCB

Trojan.MSIL.Agent.XCB

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Agent.XCB
Signature status: No Signature

Known Samples

MD5: 7848f1fbfeb0791a01ac39516bd2b2b5
SHA1: e71468099531ca8dc8fd9d85412c4fefd4ba6b04
SHA256: ED63B58A52D8577F9A5EC05F579A707B8352FD5DF633E4CDB4B9E4FBAE214E69
File Size: 31.74 KB, 31744 bytes
MD5: 2c84bce609a2379b08e03f5bc86b8926
SHA1: 7596a1717dba3ad3c3d1b22ef65a1ed4ed22b94c
SHA256: CEA6CBA733E102F0395D6DEF566BC0C371D53BA2998E8D7C9BD0830E95F64BC0
File Size: 237.57 KB, 237568 bytes
MD5: 3c8392a8b2e2a42be1966927e1c1f5dc
SHA1: 816fc5d10f19ff675498ca45b39fab7f8cea7f79
SHA256: 1D978F2D67E2DC707A554B3BA37655438C50C318F2087F4AABD4E80C4C28A49D
File Size: 71.68 KB, 71680 bytes
MD5: fdc91fa4f02e4e41d87b92c522ad502e
SHA1: 4e464e5607526d88b41fc1d047b230fb2c26907f
SHA256: 141153FF12C9C0F0F66E2D70DBD8D5DE8AA8A145555A3792FA1EE6CFFE378FCE
File Size: 40.96 KB, 40960 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 1.0.1.0
  • 1.0.0.9
  • 1.0.0.0
Company Name NiggaClient^2
File Description
  • DolphinRecoilPanel
  • NiggaClient^2
File Version
  • 1.0.1.0
  • 1.0.0.9
  • 1.0.0.0
Internal Name
  • DolphinRecoilPanel.exe
  • Launcher.exe
  • NiggaClient^2.dll
Legal Copyright Copyright © 2025
Original Filename
  • DolphinRecoilPanel.exe
  • Launcher.exe
  • NiggaClient^2.dll
Product Name
  • DolphinRecoilPanel
  • NiggaClient^2
Product Version
  • 1.0.1.0
  • 1.0.0.9
  • 1.0.0.0
  • 1.0.0

File Traits

  • .NET
  • dll
  • x86

Block Information

Total Blocks: 71
Potentially Malicious Blocks: 28
Whitelisted Blocks: 43
Unknown Blocks: 0

Visual Map

0 x 0 x 0 x x 0 x x 0 0 0 x 0 0 x x 0 0 0 x 0 0 0 0 x 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Agent.XCB

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Network Winsock2
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
Show More
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAncestor
  • win32u.dll!NtUserGetClassInfoEx
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadDesktop
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserGetWindowCompositionAttribute
  • win32u.dll!NtUserIsNonClientDpiScalingEnabled
  • win32u.dll!NtUserIsTopLevelWindow
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterClassExWOW
  • win32u.dll!NtUserRegisterWindowMessage
  • win32u.dll!NtUserReleaseDC
  • win32u.dll!NtUserRemoveProp
  • win32u.dll!NtUserSelectPalette
  • win32u.dll!NtUserSetCursorIconData
  • win32u.dll!NtUserSetWindowFNID
  • win32u.dll!NtUserSetWindowLongPtr
  • win32u.dll!NtUserSetWindowPos
  • win32u.dll!NtUserUpdateInputContext

Trending

Most Viewed

Loading...