Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Clicker.Gen.B

Trojan.MSIL.Clicker.Gen.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 15,235
Threat Level: 80 % (High)
Infected Computers: 10
First Seen: December 17, 2025
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Clicker.Gen.B
Signature status: No Signature

Known Samples

MD5: 6eb78b320ab20f634cdf70b5c95acfa2
SHA1: 8dae83d886f04dfd85f737ebe5eea4daf2f2d4e1
SHA256: 1D6D0742956AB2296618A440873B1012A2F01F9190A8D410A0CCB79B742B8AEC
File Size: 8.04 MB, 8044968 bytes
MD5: 6d3ee1e813ce8abd6d84a0980e0ae888
SHA1: f913f10b9d14bc82517e0ec0438845953ff0d0ba
SHA256: 83EA0716406712D67D7E1863F125A338B10E827B2A70381805E06FCA69A37EA5
File Size: 6.60 MB, 6600364 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Description
  • modulated salespersons Mellen modulated Mellen synods coursing Honshu nonfatal tijuana Demobilized Cnet modulated modulated salespersons Mellen modulated Mellen synods coursing Honshu nonfatal tijuana Demobilized Cnet modulated modulated salespersons Mellen modulated Mellen synods coursing Honshu nonfatal tijuana Demobilized Cnet modulated modulated salespersons Mellen modulated Mellen synods coursing Honshu nonfatal tijuana Demobilized Cnet modulated
  • weimer weimer lebensraum Mccray Spankings coordinate Spankings weimer Druthers Transferable Druthers weimer weimer lebensraum Mccray Spankings coordinate Spankings weimer Druthers Transferable Druthers weimer weimer lebensraum Mccray Spankings coordinate Spankings weimer Druthers Transferable Druthers weimer weimer lebensraum Mccray Spankings coordinate Spankings weimer Druthers Transferable Druthers
File Version
  • 4.6.3.69
  • 3.2.7.72
Legal Copyright
  • Demobilized
  • Grant
Original Filename
  • Demobilized
  • Grant
Product Name
  • Demobilized
  • Grant
Product Version
  • 4.6.3.69
  • 3.2.7.72

File Traits

  • .NET
  • HighEntropy
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha803.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa9c8.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⅒딥軻ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 墯꟟韬ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
Show More
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Vgtitnbx\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Xjgepybn\AppData\Local\""

Trending

Most Viewed

Loading...