Trojan.MSIL.Clicker.CCE
Analysis Report
General information
| Family Name: | Trojan.MSIL.Clicker.CCE |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- HighEntropy
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe | Generic Read,Write Attributes |
| \device\namedpipe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsf357f.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsga592.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nslbd4b.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsne1f1.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nspb9c1.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsra709.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsud20c.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsva331.tmp\nsexec.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsxa777.tmp\nsexec.dll | Generic Write,Read Attributes |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 謃㊵塀ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 瘈욟窕ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | ⳬ舜ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 泣꽢诜ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 樺鸘鎵ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 뤖谥鐴ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | ⨔⊍鞏ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | ඳ띯騑ǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | ꕮ硴ꘚǜ | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Encryption Used | |
| Anti Debug | |
| Process Manipulation Evasion | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Ucshqlvm\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Hbusbzwt\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Nhnjknqy\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Loxzwzxe\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Zfxmgibt\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Jtbjefbo\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Nhwzegqf\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Ogvbnwwa\AppData\Local\""
- powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Sbezglli\AppData\Local\""