Trojan.MSIL.Downloader.Agent.BID
Analysis Report
General information
| Family Name: | Trojan.MSIL.Downloader.Agent.BID |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- Installer Version
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2 |
|---|---|
| Potentially Malicious Blocks: | 2 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Visual Map
x
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Downloader.Agent.BID
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |