Trojan.MSIL.Downloader.Agent.BIF

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Downloader.Agent.BIF
Signature status:	Self Signed

Known Samples

MD5: 33c83f93946682aa18afebb546f81c87

SHA1: 6f87019f4211d5ed164efb584aef80093eb8fcc4

SHA256: 536F220F8DA950BD3FCC21ABCBAE6BE67219D36631CCD5419C7FC99460595B7B

File Size: 4.11 MB, 4109984 bytes

MD5: 6848396de00563ee5170f2e18d15b72a

SHA1: c061957d424ce4e169f99e63241d79fa865c0946

SHA256: 9536BA5EA7DF8818E194FA110A3B35701E770A917BAB34C9ED4ACB0008D25026

File Size: 5.63 MB, 5626312 bytes

MD5: 94cf481d42b44b85eca981d49ce47c8a

SHA1: 9a6b3adc0698699dfcfedb18ff11a3e42905c71b

SHA256: 054BE24BF1F86C4E94193A9636A89A148922CCFC97E1DB76BD05890F0CFBE69D

File Size: 5.69 MB, 5685920 bytes

MD5: d19571655a1a7a6f602c1afa2cb74f3c

SHA1: 22dd72e48da58516aca2c365f5515f8baa66b6bb

SHA256: 8B80391A9223400940D01D2826D4FFCA2CCF0B10BA598E5C8AF7BAFC2D9BA03F

File Size: 5.75 MB, 5753688 bytes

MD5: af943000dbb26c8322e34c58672d5d81

SHA1: 1efe4971f114b8c246aad2279a34713f806972cf

SHA256: 6DB4A89234CCF5BA6FBCB9319E9D50EB4B22D3E784900A95188984BF709BE213

File Size: 5.69 MB, 5685928 bytes

MD5: 6d580e091d706f512014c39a21157e82

SHA1: 07d3d2ef9f9174585c573dc7d4abe4a5ce7a2b63

SHA256: 9353F90B5F0C2961BC8FFF1606792E23F7A0DD3E02C12B7BE976A356FE5E21AB

File Size: 4.27 MB, 4273768 bytes

MD5: 3ce0f223a70ba51ca5cf9d3c70d7a879

SHA1: b8dd09e536bee940252bf03b622912a5c9fbb187

SHA256: 488B8E5A559223BB02A2B22A22D4C1913E7DBDB11203942C6FA34C1A3FE13813

File Size: 5.94 MB, 5940680 bytes

MD5: eebc288137a132de13596474e4afbadb

SHA1: d3ce63fa9344a6fd90c080e8ab77f6a4875af6b2

SHA256: D9063C473872C14E2DBA178A135C838868B0EF65DC675729E21606955A3A0E16

File Size: 3.20 MB, 3196184 bytes

MD5: 430fac6114bdf1f082a29442d6f98e68

SHA1: 5301d8091bac777a98289ab4ef6491db159d72ad

SHA256: 795F41F5FE4B3DAC068DF923A1CF03A20A5E2E3BEDE0A775A3B658488DAA9A18

File Size: 5.90 MB, 5898056 bytes

MD5: 70b7ed9706d70ad0520dba3dbeab3935

SHA1: 9afc39f9c2b036455bcdbd1f3a18429574aba798

SHA256: 949DE7F9CDCCF37A5BDC5C5FDB67F5EEBA649BC93BF580F5E58E8600EF62E348

File Size: 5.70 MB, 5697592 bytes

MD5: 6f334f0b1242b13fd0e108e74ef79709

SHA1: cfbb21677b69e5eb365d825ffec63f46fe9fa5ff

SHA256: 57AE775925CC78D25787CAF594EC683C16009AB54485FCAD08438E894F3D1D03

File Size: 4.26 MB, 4263304 bytes

MD5: 08b88cdbe94ef0f530afff0f2fde5b83

SHA1: 391e5d6827c3eb0ec2b1a158da47469c66c99e63

SHA256: 4B88C53A735F5A15A093B0CF1A5195011CC0DCDA40B8477CDFF883997A444648

File Size: 5.69 MB, 5685032 bytes

MD5: 2b4d218cde4164949535ce040db25325

SHA1: 5361a70492989024a855f16121f9570ac7ec0d38

SHA256: BA5F084FCD9151B69FFCB8E9F39860E9F28663C263F3D0536094D6B28A688F2F

File Size: 5.62 MB, 5621840 bytes

MD5: a3c9ab919c245a0bd919a165daccc180

SHA1: ee54102cebf0d4bb9fee165188e777a337c0dedb

SHA256: C8306471E79882679F5A5F2F36B1177264EB3424694F3E4D18C0709E6E74034E

File Size: 5.62 MB, 5622920 bytes

MD5: 4c8fab269f420d8089012c3ea147610d

SHA1: f676e43dee81909e1bf62afb5bb3b3332cbb0e69

SHA256: C85DF6605D95C2D95AC4A2A2E203A4575E999004C33E574CD7A0DB629AD3FAFE

File Size: 5.69 MB, 5687120 bytes

MD5: 0e4325a0da50736d6e180d21835243ed

SHA1: 31806452fb1d8acd6df54d550095e8b36075c176

SHA256: EBC00477B7D18CB5A54D892DE9F413DAA39D061C83EC34691015B7FA078CFD7E

File Size: 5.62 MB, 5622840 bytes

MD5: afa8d51ede0a98925b0a6d9e2b560056

SHA1: 32324f69c5f65911a5d8ebfa03fb02e2ec95103f

SHA256: 625C9A27B22E42EB0F3F07D4A5259E9C134FE763366AA084D828D544790DAE91

File Size: 5.74 MB, 5742848 bytes

MD5: c8ecd5ab63dc5d974bf69f5774701ef4

SHA1: 659a90daed59bad7cfdd877e23be5d386ae866f0

SHA256: 00791F7110255BD916A404071D281075EAB7F2D8E2A289E96BDED6171F55E3FF

File Size: 5.62 MB, 5622776 bytes

MD5: a922fdb0f44df8ddfa5cbd38126e0e2b

SHA1: a58554b910fe8b81385b230322abab0be823a499

SHA256: B9F43DB4816481CE2C3EBC4427C1A3B3379AB39BAA957D1F8E6D90966A98F40B

File Size: 5.66 MB, 5658696 bytes

MD5: b1fd7b65a67a2be88257926aa0a32da7

SHA1: 5c2ef2e46eda5c781c8476892434f7fa3dba4a78

SHA256: 1D68FD1ACD3B078D788FFD5851856ED628C15DCCCE92E4C71C752415D037163C

File Size: 5.64 MB, 5637392 bytes

MD5: 0ca48ccf4d7b77baa1ced8c061e5448e

SHA1: 0027ef7d6c67118de84c209598682d8d11359379

SHA256: 99B4D2343BF48D8BFC5D433822EFE867966C46F8DDC1B0307B73412C822D0356

File Size: 5.64 MB, 5640696 bytes

MD5: f8aff363fffde85b69b87deed2acb6a0

SHA1: 9de0effd0739dd034d0484abb0e51e1241c23cee

SHA256: 6DE41DDF708B3FAC4702D915FC7C542E56C5E254016FEC351EBBEB8E8E1AAB54

File Size: 5.62 MB, 5621304 bytes

MD5: 7fafd53aa81cd52beb6f899539ae55b6

SHA1: 139744ab6a6fde8388ba5f95da25a1de3bf3f663

SHA256: 19CB9B648166100E859393F084A0E2281A76C503BAC66443F31EAD4297EC92EA

File Size: 5.64 MB, 5642840 bytes

MD5: f7ff848fcf7fd6620991a43f7813f828

SHA1: 044c3fe02f833d52b6c8133b26c1cc91dbe70e80

SHA256: 33F7A255E28B1E25014C201B34BD01BE5F9EC6EDD6D4C0301E1B35B2B7E148F3

File Size: 5.62 MB, 5622032 bytes

MD5: 6a4ee8633d48934142cd002a034e8eb7

SHA1: 375335fb1bb428b5002b165008e525b910b4ade6

SHA256: 9B82CF8A125B462835EE604D6FEB3DEAD4C94BCBC29092B014D61C09072F6E21

File Size: 4.29 MB, 4286624 bytes

MD5: 417379859a4a91dfada1de3450916c90

SHA1: 1f8ec58cc975ed9e99e595b2dfea72ec9cf620f8

SHA256: 1F13E150E71ACA45E080253EBA19C3F33BEF5665433F8AC08A86E48387E90BAA

File Size: 4.29 MB, 4294024 bytes

MD5: 1c8927122932524f5c3e49527eebb98f

SHA1: cfba1f617841e4c43a3c1078340857a3d9630a96

SHA256: AAD611728366604D8F411F94FB2D0E7784D51B66321C2940FC91265A738EAE47

File Size: 5.64 MB, 5643000 bytes

MD5: 8dd02ed45a7f455bcb76a444a529a4aa

SHA1: 5848a889cdcc3fc3b4c8e2a320d6ff4e612b3023

SHA256: 0877CA62A7943C40EAE894FB6C7E27463B558181C881DAAE39361CF67FB94917

File Size: 5.68 MB, 5675592 bytes

MD5: 7b714d5a1403e831e1cffa3f56b40766

SHA1: bdfbba4dc4098b67101cc2c5960b2a185f9cbe80

SHA256: 356DA2E8F30A23822C6E3339DF12ECE2CD0F789F9CB1F0319641DF1A103D0EE3

File Size: 5.62 MB, 5622112 bytes

MD5: 8c1c6e7cf27ee8e1eeb648c3679bb44f

SHA1: 65008ca9d54e93a9fcad46cc276df3bde025930b

SHA256: A822AB1CBEF3E4E84B3311FFE1041136E3DE6422C71527959D6F3D7FBF6DABD2

File Size: 5.86 MB, 5861008 bytes

MD5: a47efc3af0bb83c04a8c3e1168c9061b

SHA1: a824d370c3c777aa7c2bb7fdea7abab515fa2764

SHA256: 1B63F97A0F1ECC04A1BAB7E1484C9A4262A0195305085F8429289C01E2945C58

File Size: 5.62 MB, 5621336 bytes

MD5: 04a5354efb14f139afc9d72e4256471e

SHA1: 35148c8dcf39ca7b522a927ca17967939baf7c7c

SHA256: CBF9034EBF2B97C1039820127E442846E7F414ED1322EED9294D6FE3EBB05603

File Size: 5.68 MB, 5676456 bytes

MD5: ee60c659c2e0e9a402315c46f6d8a66b

SHA1: edc595b95b840e69146d7c9c48f0417c2afa0b9a

SHA256: C0A1572B0251B0F3D51ED3FE93A869A3611F810A99BC3B826A3170176E646B21

File Size: 4.30 MB, 4298320 bytes

MD5: fc38b558ccdd25b906c0ed7245553077

SHA1: b17c3b3cd1b851db92d30e51088b12e99e7b3858

SHA256: 379F9E69090CFC6A4C55894F06CEBEDEA13693431B96CEBD7B9FB700C83096AF

File Size: 5.65 MB, 5649728 bytes

MD5: e66fe2de0f04588dd46b7cb4d52d0467

SHA1: 14a2bcfee196bb5e2edfebf5da779f8882967473

SHA256: F2335FB6095CA224762D047E4A41BCD057641E6FFE23D70EB3A9A602BCBD9ABC

File Size: 5.67 MB, 5674000 bytes

MD5: 834962a2de46bb943320e6592bf9d22d

SHA1: e5819584fb96aa7b0a464d4da6a1444fcb13a36b

SHA256: 67C2412336B3886121649210E739F85D9224CFA03C03C7CED2F53ED9D85A0D52

File Size: 4.21 MB, 4211080 bytes

MD5: 4641f9dcf5052d665271ea9b6adf9dcd

SHA1: ca8b5588df46df47f51f7ed7aada7ff7c090f986

SHA256: CDFB54ABE6C4896C4108DFB41DA0BC2056133AA62403C8CE47BADCBBFE147D17

File Size: 4.29 MB, 4290440 bytes

MD5: 9a6d1f0541f17467979d1202f821d3f6

SHA1: ec688a295d7c0b6429248f81c3aff2860e8a5238

SHA256: C2CBF87302F9D9CB442740FBCF0981EB65B548524AF56C56DDD8BFBD3DE89972

File Size: 5.62 MB, 5620848 bytes

MD5: 7903c460be243f93e8bcebc6d8f1c747

SHA1: 3a4ae2a2689db4dc68621be8da4b40824838f408

SHA256: 872A14AFEA5A735A425961CC9625DE7A7E87F1AE369309DDFAA8B75CCEA7EBFF

File Size: 5.96 MB, 5964960 bytes

MD5: b273dd5d77ca3f93339758bd667d406e

SHA1: cf2f2d3d12b10338200356eb77cd755118c69513

SHA256: 99AD467E25472ABB0B1A2B26FC158456440866D17C4E98875A7EB1FBAFF2EC28

File Size: 4.72 MB, 4723872 bytes

MD5: 093d0bbed86a0eb8669321a5c8e15c3d

SHA1: 7f1da2647df310e274a9298b9d6df84bae93fb9b

SHA256: 82443FC65B71BA989807163DD1F384997A86CA164A40E2E21CCF253CB529BC11

File Size: 5.65 MB, 5651424 bytes

MD5: 4d0605bbf5bbf5a1cd0ca10dbdc01e10

SHA1: 6adc9fa195bc9584ae7221a9d30ef24a95f5a989

SHA256: 63A0575F47FD4220E8791C1D4DC9D514FCCE311DB3827F5FE91A8DCEA513B327

File Size: 5.63 MB, 5628560 bytes

MD5: fb364b0fdaee183cc43cfd84eaa56538

SHA1: fd62c888ec34e87147d7a6fc136e3e1ed362b106

SHA256: DE02060BB225D13093CDCA9DF873967FB7188171A303F744B524E3F4CC965846

File Size: 5.62 MB, 5621848 bytes

MD5: 5295f543976e1c34f4c9ba1b33949831

SHA1: 83e7e8d8928de730c37f81451c5d14befd59aeb8

SHA256: E6908DB3826245460F08DB9BA1AE1355380ECF6F301BAC0BB5DAAC0B82AB9602

File Size: 5.62 MB, 5621472 bytes

MD5: fa1f3de00783452371be6af7c59c49ab

SHA1: 821e0737d95a8e670f44c0151834af0ae33d6699

SHA256: 7980329CC3F6E14620A3FA8F10AD75BB2AA68F1B01B71EA0E2C86ED3E99FEA3A

File Size: 5.65 MB, 5646424 bytes

MD5: ed5c79b0cc711ce66146602c7ab63051

SHA1: ff8577eaa4324b53a54afe6599d1ef2fd0f19e22

SHA256: 25C80A802BFDC70A9FB11FE63C439FC3CA80E4C1AB17083E37C87BA4CEACFF56

File Size: 5.67 MB, 5666824 bytes

MD5: 2db2a79017862887cf3df61a7f499e4c

SHA1: 4bb9391a87920d90e99ab50a35c1cb325c53593c

SHA256: F2D41B78008136C7107BB5CFC8B61E5BDF63F73BBD67C52EF5D25311A746947E

File Size: 5.67 MB, 5672168 bytes

MD5: 66e386b46db69090f930d4a5dd2211e0

SHA1: 803b48b9dc8249224e2b812226a46fda3e9156b6

SHA256: 200395FC9B829802EC7D7E7D781BF800571AABAE65ED7A9130D581688ECD9B0B

File Size: 3.33 MB, 3327120 bytes

MD5: 117e33918ba4666884ed207719eac994

SHA1: 1fe22f243d1ae9efe8427ab96c4c4140e3371cb2

SHA256: 877AACF902A7542E41151C5B02BD85581F33B793AC88DEB5E9806A5A7D8C620B

File Size: 5.63 MB, 5628584 bytes

MD5: 75ab8adf6ea9b6978527d676d9ac69d5

SHA1: 399e57c8ef5e21a093c84b5342c89a03d763ebfd

SHA256: 9C3BB785678AF0A5393B1FDE3DBC2DC84E8BFC90EF0C33C044445E3A3630004B

File Size: 4.51 MB, 4514696 bytes

MD5: 618b39e771f0fe40a4fa552f2d60ab3e

SHA1: 2dfaa8443dd781fe2c76a6a2de23699b1405788c

SHA256: 2F28390C171EAFA1A0980F3C8861ADAE423F33562A7534E19F9EEE3D7B2DFE24

File Size: 4.15 MB, 4151968 bytes

MD5: 9ba37071828f94eb718a6e1da98b2bf9

SHA1: 451e69c345c72e2c7e982ebd13f759e612b1fb24

SHA256: ED7198C1F73E79ABEA054EA480BE8017B97F7518A6C62DAC6ED3C9B12BE61432

File Size: 5.62 MB, 5622472 bytes

MD5: 0e28bc2ed201ba4c4af9eb79c5c76d91

SHA1: aad6b44a9d27edeae2ba49d344c0cf025087e4fc

SHA256: 2F18ACDD28BAF4923DE1416FF45ECB6280C739CF44669860B5B39192FCC96EBC

File Size: 5.64 MB, 5641848 bytes

MD5: ce82b39fefed9a809a73e30174197229

SHA1: c4ef27624f280ba85e7f55dd667126fe976d20be

SHA256: EBCA4461D64CF29D713819AAED32440F4F702FC4069960AFFC768E33D5FBA015

File Size: 4.28 MB, 4282528 bytes

MD5: 8a3744d61365a7dc189ed846b8a0cb70

SHA1: 105f4b97a67c2cf6f8bc86b60a34e5c42bbc9c84

SHA256: 233D63A704EBB620EFF1DF0816651284A0CD6FEC3820D7E36EA735D3B8AD09B8

File Size: 5.64 MB, 5638408 bytes

MD5: e5dd493785babba26f6e7bf9eb056b4b

SHA1: 89c40e24accc80397577779638787a07832709ae

SHA256: D89004EDD17C457AACECBFF9218CC77C6786A135E434381F39A43C9AD0E178E7

File Size: 5.66 MB, 5657304 bytes

MD5: 13625337b92a7b9d87eff8d4562dfc73

SHA1: b054fecd9e9cd5a04a8150ddced6faa9dad679d4

SHA256: 2CC52085698C6FA96EFBFD91F17C1295FF353F474695643FFB2D7C2253CC2A50

File Size: 5.74 MB, 5741760 bytes

MD5: 944c638fa9e3de7ee03440e842c56484

SHA1: e54c64d999fffe22b1d3b5f7380fe3dd51c418d4

SHA256: 410322D342BFFF6783E284DB378D990CF4592F0BBB5724C05E8100E8F5EC61DF

File Size: 5.64 MB, 5641064 bytes

MD5: aa004cdb57ee4a2c78d3054896e73770

SHA1: b35df7d6f7b057dab38b55f299938b9629aedada

SHA256: E94BABC5C10AF3AA3A464C1659385CEC5B511AC3E2E540AF3DD3EADABBFBB6CD

File Size: 4.27 MB, 4273768 bytes

MD5: ead18b4c05187abf18810223fc998fd9

SHA1: 895d0aa755f0639a07d111b46fdb2f1ee32d8e7a

SHA256: 8268A2D8D870433E1BA94EEBD8153023ACF72DB3A04242F797F7969F041E3B97

File Size: 4.51 MB, 4514696 bytes

MD5: affa9dec1eec688d0434652d3f4139a1

SHA1: 902d873382000eb6a6090ba86a049deea18f7f66

SHA256: 56ABF1046837750C6BA71EFB15D1FB20A577FB7668547793E7918253EA1E7926

File Size: 4.23 MB, 4233096 bytes

MD5: 94c273797ed2dc9958d388d03540088b

SHA1: fb3bbcc69c6f0a9c45d08ec1263e4e81064e4c38

SHA256: F948A61925363C1010FE9EF57184147A9ACEC8039AFA5E5E806AD5090F44B0A7

File Size: 5.62 MB, 5620664 bytes

MD5: 979a8af92121adbbe1b95197d3ba9fb6

SHA1: 00124f1856a53ca546a0bf7ca47340e22b881ddc

SHA256: DC7E146AAFFA88C2A2ED541BDC67A382051784A5A764FA114A12242EC8DFAC9E

File Size: 5.64 MB, 5641472 bytes

MD5: 5e68c03aaa9f0c693ee7df9b3e2b65e6

SHA1: 53b879ac2124be1a7582cca30ee5f4a19d9df26d

SHA256: CA0D2B9679EA2854EC24AD636B2D98667FF7C4CA2D2397AA76853A139E0011C3

File Size: 3.29 MB, 3294352 bytes

MD5: 995569c5796364d024d433d4d0ab889a

SHA1: c242559503efe0ab5cfee6b60f6d1d87d498657e

SHA256: FEE59CDF52CB428D857D650CC1BFABAF56C6A2C8D8693F641C827C201D470770

File Size: 3.10 MB, 3103000 bytes

MD5: 3c40656416d4aef778b928c1ba733e6e

SHA1: e7723dae0f3754a6411613c978bc636564ddf860

SHA256: 3BF84DAA1A05BDB4CBBE4917EB2C2958529FB30E7CC3EDDAB696899AA17BD29D

File Size: 5.62 MB, 5623304 bytes

MD5: e84a8e0e9c554afa3c06175dfa7a2457

SHA1: d4c151e68494826ef58dec22a83c521977e9f2e3

SHA256: B428CFF3C43B71879B182FD3CB2253A6C22021F4DFC787DEB39A4647CD007E2E

File Size: 5.62 MB, 5622320 bytes

MD5: df130f26dbea442e736feb815af0a893

SHA1: 5267cf82c7d6bf6cfb7fe18a3acbae48da9c747e

SHA256: 0D194808F0DEAA05AC560B1D3EC339609A66C4181DEA6A56960199E9D6FC5F50

File Size: 5.90 MB, 5897608 bytes

MD5: 5293c94bcfd767bd88c207ab733deb3c

SHA1: bb19d49a9363f90e362c1d2bd164083bc29b72ee

SHA256: D96532F7D90F8B8A5D29EF7804658BE8B595D664370B2BE22EA49F2574EF5E81

File Size: 5.65 MB, 5650136 bytes

MD5: a3bfd1fc10dd31bfa61a3e3676c1ffb7

SHA1: 94bad920ac3dfe68e6ede2ef1cb96c13c8aacc39

SHA256: 44BA4692041BF139961CCC5F829111CC4BB7DB32E8616630BF561A71256A84F7

File Size: 5.67 MB, 5670624 bytes

MD5: 2c59e74c7e51e7ba6f598af9c43d360a

SHA1: 7ea098003d1398a168be6f6745d7356ea9d22584

SHA256: 7F65CB064914EC56DD127FD69B466C714F37063D27598E435A74123B4AF5142F

File Size: 5.93 MB, 5934984 bytes

MD5: b09e92a3107e9d17c5bff37535f3dc6e

SHA1: 220ee65e48dc7e71ab2bd337156cff755d9724b9

SHA256: 96382DE18F41533A9EF28EEE1535B313E67403D8A421AA2780F45C1AB9FF6096

File Size: 5.62 MB, 5622112 bytes

MD5: c39b4f5bf9107824fa835ab9316ec979

SHA1: 2b5429dbd5ce89f8d04f20b783e072ff363a13bb

SHA256: 25B3B858AA337A8E7BAFEB845E78BF062F3CD1F1D5AA097F4F4BF98624BC5B14

File Size: 5.65 MB, 5651896 bytes

MD5: 870642a3464ee91426dc89057b8aa8ce

SHA1: 010db7c4befdf53f9bf7bf43a8bda6d9dd490f83

SHA256: B5373C8FE8C179189459B0CE60FD05644D9672DC9361352E224B68B35900F144

File Size: 5.91 MB, 5907096 bytes

MD5: e11c02e59f1b5f54ef76de15728f6b5f

SHA1: 8cec9e0231f13b712c466d164fc424db90cdf6e7

SHA256: 30A35B2479E7648FBB2480263C38AC7E254C33C207703575C92346A6047DA981

File Size: 5.91 MB, 5907056 bytes

MD5: fb4d244ff6f3a3ee01041c3c2a3656b6

SHA1: e23880d3478aaaa35d5fd59c350c373faf05c50a

SHA256: E460524882E7E5121FE548A71FF071AA67E8F6E5C63CBDE1FC5FAB11933D5860

File Size: 5.66 MB, 5662048 bytes

MD5: adff72287e58cb46a31a1501d21db7ba

SHA1: ec39f8e34e921a265e2b85c70441122d2ebb7d17

SHA256: B1B6837DABE547E58A4B71F3CC71DCBB65250DA9D33F445E4625AAF88628245C

File Size: 5.62 MB, 5623112 bytes

MD5: ff4f97214b0c42f0f5cfdd7c75b188c9

SHA1: 29fc7fd0223bbfa022033b292c677479f10f6120

SHA256: 3D5B45ED44D9ACCF13402F8B2C8EEAB916A55743C4DC45E98CAFB6A0204F5DEC

File Size: 5.62 MB, 5621752 bytes

MD5: b21d50f8f6498babc62428e3b0f0f5be

SHA1: 623af88fff5f7edcb8359177ebd6813b720ff65f

SHA256: 2DE08D07F23DA55BC362B3295489A8069F9F612B35F2AB648F183996346FE27B

File Size: 5.79 MB, 5792496 bytes

MD5: 4a0742b4d71b2069a147d9d205f95ea1

SHA1: 4ca4fab6c3e26771a3aad0e7a0237d42673df7bf

SHA256: 5090012CAC0BD4DEC4D7676D7D09917B5B4835E313B0DBECAC886F2286134F56

File Size: 5.62 MB, 5622072 bytes

MD5: 8a584675630f9d98f5ac7762e870ce28

SHA1: e294a809e294e321c30af41ff84ce6d230352362

SHA256: B5E6696F75EA88297C3F3E9E30869302AFD5C8BCC65E23264049BD8AF012122D

File Size: 5.62 MB, 5623280 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer	Root	Status
ConnectWise, LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Connectwise, LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed

File Traits

.NET
HighEntropy
Installer Version
x86

Block Information

Total Blocks:	2,872
Potentially Malicious Blocks:	94
Whitelisted Blocks:	2,778
Unknown Blocks:	0

Visual Map

x x 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 1 1 1 1 2 0 x x 0 0 0 0 0 x x 0 1 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 2 2 0 3 1 1 0 0 1 0 0 0 0 0 0 x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 2 2 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 2 x x 0 0 x 0 0 0 0 0 x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 x x x 0 0 x x 0 x 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 1 1 0 0 1 x x 0 0 0 x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x x x x 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 1 0 0 0 x x 0 0 0 x x 0 x x x 0 0 x 0 0 0 x 0 0 x 0 0 0 0 x 0 0 1 0 x x x 2 0 1 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 2 x 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 1 1 0 0 1 0 0 2 2 0 0 0 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

DarkKomet.PA
Darkkomet.PB

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\screenconnect\086c68cd2c2882f9\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\1123f5e8e6ab7d8d\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\22a11d41ab7854e7\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.6.9056\3a4594764213d345\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\066a2f1694266d0d\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\1ba9bf5e7476c80f\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\2a7e4f0996e23767\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\4d0f1b38e19d2c48\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\4dc9db0f6661745b\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\52b09823c1b37070\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\7c41f55caa0cc376\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\7d1a8d496393719d\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\8665d702f0977c9c\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\aa5e0bf102fc004c\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\c1bd387feb70909d\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\e2272707dac5222f\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\e286d09c7f84f168\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\e9736d81e38965d1\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\e9f0bd0c64aaefc8\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.3.7.9067\eb8eec7114d767d2\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\0046e1ff988ab9f2\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\246e9504ea578251\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\86be238495a9ec95\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\87c123c86dff6583\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\95cde49c995cbf43\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\b2e57648185de99a\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\24.4.4.9118\e7970329fde2a8cd\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.10.9197\228d2831dfec8071\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.10.9197\62804beda79836f5\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.10.9197\69ecb13558bf255f\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.1.10.9197\9d4fe29fbf9818ec\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.3.9216\e5c48917633d9873\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\285039e220a2d84e\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\802ef1280ecd7e88\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\82c53bec26ef9bc9\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\850cb308352bf66c\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\c6e2d3ff30efaa3e\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\d04d96957874ccf0\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\db4078493b964cd5\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\f54e48458ed500f5\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.2.4.9229\f5f7bf627c433fe5\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.1.9245\ce168f0596b824e1\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.2.9271\a71e7e498e2efa3d\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.4.9288\21f724ee8ad866ec\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.3.8.9294\17f04952aa6a4a50\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.4.16.9293\3e1fda6bc2bef6b1\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.4.3.9287\1a5d6cc5d5f07e3e\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\25.4.3.9287\7b3c04acb8b88391\screenconnect.clientsetup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\2cf33bceb71216e9\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\301bb983ef1ce688\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\4d6b605e63455d5f\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\57cadb8d38dfe5dd\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\7cf054d651808158\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\89a7436dabd72315\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\9309e50f7531bcce\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\ad7cfea92c8da348\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\b352d688036f4929\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\cf3dfc0d8da977ad\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\cfe135958d56fabd\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenconnect\ea5a0b00b2e6489b\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges
Process Manipulation Evasion	ReadProcessMemory

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Downloader.Agent.BIF

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.WaveMax Sound Editor

Trojan.Kryptik.JUD

Trojan.Agent.MBD

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen