Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Downloader.Agent.IU

Trojan.MSIL.Downloader.Agent.IU

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 20,836
Threat Level: 80 % (High)
Infected Computers: 322
First Seen: June 28, 2022
Last Seen: March 12, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Downloader.Agent.IU
Signature status: Self Signed

Known Samples

MD5: ed95959996160b58777179a79897b14c
SHA1: cf530e913572d2f7e91f17f180909f66f23626ba
SHA256: 689ED34C6427DD409759C5C05765FB1C3206BA82CD08639B527CE09F16C08A83
File Size: 3.02 MB, 3017696 bytes
MD5: c6857e0a4d4e40145313521e395a322e
SHA1: a286bc8f5065185efb39b4e4a44629a544d123c0
SHA256: F242A989DFB0E19BDE00207A18B2606CA4AA50EECA3EB7A798DEE809A2D322A7
File Size: 2.74 MB, 2742752 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 1.3.0.0
  • 1.1.0.0
Comments iCloud Bypass A5 Device One Click (No Arduino)
Company Name Skynet
File Description Skynet A5 Tool
File Version
  • 1.3.0.0
  • 1.1.0.0
Internal Name skynetA5.exe
Legal Copyright Copyright © 2025
Legal Trademarks Skynet
Original Filename skynetA5.exe
Product Name skynetA5
Product Version
  • 1.3.0.0
  • 1.1.0.0

Digital Signatures

Signer Root Status
skynet-tool.com skynet-tool.com Self Signed

File Traits

  • .NET
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 1,231
Potentially Malicious Blocks: 12
Whitelisted Blocks: 946
Unknown Blocks: 273

Visual Map

x 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 ? ? ? 0 ? x 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 ? 0 0 ? 0 0 0 0 ? ? ? ? ? 0 ? ? 0 ? ? 0 0 0 0 ? ? ? 0 0 0 ? ? ? 0 0 ? ? ? ? 0 ? ? 0 ? ? 0 ? 0 0 x ? 0 ? ? ? 0 0 0 0 ? ? 0 ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 x 0 ? ? ? ? ? 0 0 x ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 0 ? ? ? ? 0 ? ? ? 0 0 ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 0 ? 0 ? 0 0 ? ? 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 ? ? 0 0 ? 0 ? 0 0 0 0 ? ? x 0 ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 ? ? 0 ? 0 0 0 ? 0 ? ? 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 0 0 ? 0 0 x 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 ? 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 ? ? ? 0 ? 0 0 ? 0 0 0 0 ? ? ? ? 0 0 ? 0 0 x 0 0 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...