Trojan.MSIL.Clicker.CCM

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,664
Threat Level: 80 % (High)
Infected Computers: 15
First Seen: December 15, 2025
Last Seen: April 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Clicker.CCM
Signature status: No Signature

Known Samples

File Size: 6.29 MB, 6288472 bytes
File Size: 6.83 MB, 6834356 bytes
File Size: 5.59 MB, 5587103 bytes
File Size: 5.55 MB, 5554952 bytes
File Size: 6.78 MB, 6781376 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
File Description
  • allover Fireballs Goodly milliners Kyodo tramways basmati Spoilage Fireballs allover Spoilage allover Fireballs Goodly milliners Kyodo tramways basmati Spoilage Fireballs allover Spoilage allover Fireballs Goodly milliners Kyodo tramways basmati Spoilage Fireballs allover Spoilage allover Fireballs Goodly milliners Kyodo tramways basmati Spoilage Fireballs allover Spoilage
  • floodlights Solves discharging Solves Scrubby barstow Scrubby marabou peroration timbre barstow floodlights Solves discharging Solves Scrubby barstow Scrubby marabou peroration timbre barstow floodlights Solves discharging Solves Scrubby barstow Scrubby marabou peroration timbre barstow floodlights Solves discharging Solves Scrubby barstow Scrubby marabou peroration timbre barstow
  • melissa polishers Undercut letts Empiric specious meed melissa polishers Undercut letts Empiric specious meed melissa polishers Undercut letts Empiric specious meed melissa polishers Undercut letts Empiric specious meed
  • tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet tips apatite Kamchatka Babysit disquiet disquiet
  • viz Freckles Rolland Paz Statement Paz viz Freckles Rolland Paz Statement Paz viz Freckles Rolland Paz Statement Paz viz Freckles Rolland Paz Statement Paz
File Version
  • 8.8.2.137
  • 8.3.2.31
  • 3.9.5.141
  • 3.5.4.190
  • 1.3.9.54
Legal Copyright
  • 2025 Babysit
  • Bayle
  • Fireballs
  • Suazo
  • Tivoli
Original Filename
  • Babysit.exe
  • Bayle
  • Fireballs
  • Suazo
  • Tivoli
Product Name
  • Babysit
  • Bayle
  • Fireballs
  • Suazo
  • Tivoli
Product Version
  • 8.8.2.137
  • 8.3.2.31
  • 3.9.5.141
  • 3.5.4.190
  • 1.3.9.54

File Traits

  • .NET
  • HighEntropy
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg9308.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshdd53.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjb9a1.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyaa45.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ௡椪震ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 騍ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 戱뺬ꋪǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ꑔሯ꤮ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 싍꨻ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Hgjteadr\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Vajrfuyj\AppData\Local\""
powershell -Command "Add-MpPreferencaC35a1aC35a1 -ExclusionPath \"C:\Users\Ieqodwvg\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Uywsnnol\AppData\Local\""
powershell -Command "Add-MpPreferencaN92a1aN92a1 -ExclusionPath \"C:\Users\Snvqddwy\AppData\Local\""
