
Trojan.MSIL.Downloader.AH

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,458
Threat Level: 80% (High)
Infected Computers: 635
First Seen: January 8, 2022
Last Seen: April 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Downloader.AH
Signature status: No Signature (the samples are not digitally signed; the PE attributes below show no security directory)

Known Samples

MD5: a6c0ef06c8f8d56f6908dfa8d399d6ce
SHA1: 0b28a417c6cf3284ace5d88bc86b8b745a1ed69d
SHA256: 436CE8B5CCA592CEE1D0B7D047BBF5ADB0C220C34564F1451CA13E536ABEA0F2
File Size: 4.00 MB, 3997696 bytes
MD5: 327ce9c6295187e9fb371de5365bd284
SHA1: 95fb3b4dc1fa0d5a3090b1be18c9b591e95738d7
SHA256: C6157F7115F660ECAF4B7D2333D03430D1120467720C1C88DBE075395D6436B6
File Size: 3.99 MB, 3987968 bytes
MD5: a2d3510db575fa830c93fb5934ca070a
SHA1: e0071ca4112aeead4e272073e900feb04bd47866
SHA256: 6A0ADA7CFA60DDDC86349852ED846787F5F11D0278CFE4B01D8C4E3708D4516A
File Size: 4.13 MB, 4127744 bytes
MD5: 5e924d4ad826c51d311832c9addcb164
SHA1: 0eade0b8cb3b498a61b12deef8cb03dc7d658b74
SHA256: 831792DC74A41EE23E4BB6003C0854366BC40FC51148534B66042EEDEF72B80E
File Size: 4.12 MB, 4119552 bytes
MD5: 58a20cd5c3fe337a9f66ab64d1e590db
SHA1: 77da4bddfeae1d2ebb3ee578b12be02a6bb82d84
SHA256: E92FE1C0802B0A37B7F88ACBB66947542D42E1FFB255DE7742EAF7FDEF3ABCDA
File Size: 2.77 MB, 2772992 bytes
MD5: f6d522fce022d0d215417d4a39b0c74d
SHA1: 0affa354b17458412803cd83f3283797b05169c3
SHA256: B06D9286584D6ECA7292C1EB2963223F7CD4DAB330B5393955DA1F049E1F175C
File Size: 4.16 MB, 4157952 bytes
MD5: 5a962163f3a2ed4e602747dea44d636d
SHA1: 577bdd7514b32741735c6dee4da5240767b8447d
SHA256: 6D869B053F4E507EE9988DE74AA0A9664FDCFEFF455B5566009A54540C8E109C
File Size: 4.22 MB, 4216832 bytes
MD5: 0f91f22a4c7f24b5734ac545271443a1
SHA1: ab2e6937bf404be6bed05cb379858b7a3a76af2a
SHA256: C0FD2DAC89A761F8C673557F7E1362BDDBBDA01CC3A0D60B82CC0B61089EEF98
File Size: 4.20 MB, 4204544 bytes
MD5: d96b388668fce1013798c3c132fac93a
SHA1: 406db4e6512caee454d20a7358435a1dc06e0d9e
SHA256: 15D091B9B7FFCB081BBBDF57C8C053D1FB05314E8DFC2D0CCD94335BF79EF780
File Size: 4.16 MB, 4162048 bytes
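The hashes above are the only identifiers this page gives for the family, so the first thing a responder does with a suspect binary is compute all three digests and compare. The helper below is an added example, not code from the page or from any vendor: it hashes a file in a single read pass, records the size alongside the digests, and matches against the SHA256/size pairs transcribed from the Known Samples list. Note the case handling: the page prints SHA256 in upper case but MD5/SHA1 in lower case, and a naive string comparison against a mixed-case IOC feed silently misses. The `KNOWN_SAMPLES` table and `lookup_known` function are this example's own names; the test input `b"abc"` is constructed.

```python
import hashlib
import io
import sys
from typing import BinaryIO, Optional

# SHA256 -> file size in bytes, transcribed from the Known Samples list on this page.
# Digests are stored lower-case; the page prints SHA256 in upper case.
KNOWN_SAMPLES = {
    "436ce8b5cca592cee1d0b7d047bbf5adb0c220c34564f1451ca13e536abea0f2": 3997696,
    "c6157f7115f660ecaf4b7d2333d03430d1120467720c1c88dbe075395d6436b6": 3987968,
    "6a0ada7cfa60dddc86349852ed846787f5f11d0278cfe4b01d8c4e3708d4516a": 4127744,
    "831792dc74a41ee23e4bb6003c0854366bc40fc51148534b66042eedef72b80e": 4119552,
    "e92fe1c0802b0a37b7f88acbb66947542d42e1ffb255de7742eaf7fdef3abcda": 2772992,
    "b06d9286584d6eca7292c1eb2963223f7cd4dab330b5393955da1f049e1f175c": 4157952,
    "6d869b053f4e507ee9988de74aa0a9664fdcfeff455b5566009a54540c8e109c": 4216832,
    "c0fd2dac89a761f8c673557f7e1362bddbbda01cc3a0d60b82cc0b61089eef98": 4204544,
    "15d091b9b7ffcb081bbbdf57c8c053d1fb05314e8dfc2d0ccd94335bf79ef780": 4162048,
}


def hash_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Read the stream once and feed every chunk to MD5, SHA1 and SHA256 together."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for digest in (md5, sha1, sha256):
            digest.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "sha256": sha256.hexdigest(), "size": size}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the demo and tests)."""
    return hash_stream(io.BytesIO(data))


def lookup_known(sha256: str, size: Optional[int] = None) -> Optional[str]:
    """Return "match", "hash-only" or None; the hash comparison is case-insensitive.

    "hash-only" means the digest is listed but the recorded size disagrees, which
    points at a transcription error in the IOC table rather than at the file.
    """
    key = sha256.strip().lower()
    if key not in KNOWN_SAMPLES:
        return None
    if size is not None and size != KNOWN_SAMPLES[key]:
        return "hash-only"
    return "match"


def triage_file(path: str) -> dict:
    """Hash a file on disk and attach the verdict against the Known Samples table."""
    with open(path, "rb") as fh:
        result = hash_stream(fh)
    result["verdict"] = lookup_known(result["sha256"], result["size"])
    return result


if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]
    for path in sys.argv[1:]:
        print(triage_file(path))
```

A digest match is conclusive only for the exact samples listed; the version-info block further down shows nine distinct builds of this family, so a miss here says nothing about a recompiled or repacked variant and the PE and string checks below still apply.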

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
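Every attribute in the list above is readable from the first few hundred bytes of the file: the COFF Characteristics word (executable image, DLL flag), the optional header Magic and Subsystem fields, and the data directory table (export, certificate, debug and CLR entries). The parser below is an added example written for this page, not the scanner's own code: it reads those fields with `struct` and no third-party module, derives the same nine attributes, and reports where a file disagrees with the profile reported here. The `build_synthetic_pe` helper fabricates a header-only image for the demo and tests; it is constructed and is not one of the samples listed.

```python
import struct
import sys

# Flag and directory-index constants from the PE/COFF specification (not from the page).
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
DIR_EXPORT, DIR_SECURITY, DIR_DEBUG, DIR_CLR = 0, 4, 6, 14

# Profile transcribed from the "Windows Portable Executable Attributes" list on this page.
REPORTED_PROFILE = {
    "has_rich_header": False, "has_debug_info": False, "has_exports": False,
    "has_security_info": False, "is_dotnet": True, "is_32bit": True,
    "is_gui": True, "is_dll": False, "is_executable_image": True,
}


def pe_attributes(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers and derive the nine listed attributes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, _nsec, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                    # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                  # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]

    def directory(index):
        # (VirtualAddress, Size); a directory the header does not declare counts as empty
        if index >= ndirs:
            return (0, 0)
        return struct.unpack_from("<II", data, opt + dirs_off + 8 * index)

    return {
        # A Rich header, when present, lives in the DOS stub area before the PE signature
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],
        "has_debug_info": directory(DIR_DEBUG)[1] != 0,
        "has_exports": directory(DIR_EXPORT)[1] != 0,
        # The certificate table's first field is a file offset, not an RVA, so test Size
        "has_security_info": directory(DIR_SECURITY)[1] != 0,
        "is_dotnet": directory(DIR_CLR)[1] != 0,
        "is_32bit": magic == 0x10B and machine == IMAGE_FILE_MACHINE_I386,
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def mismatches(attrs: dict, profile: dict = REPORTED_PROFILE) -> list:
    """Names of attributes where the parsed file disagrees with the reported profile."""
    return sorted(k for k, v in profile.items() if attrs.get(k) != v)


def build_synthetic_pe(machine=IMAGE_FILE_MACHINE_I386, characteristics=0x0102,
                       subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI, dirs=None, rich=False) -> bytes:
    """Constructed header-only PE32 image for demos and tests; not a sample from this page."""
    e_lfanew, ndirs = 0x100, 16
    opt_size = 96 + 8 * ndirs
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x80:0x84] = b"Rich"
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, ndirs)
    for index, (rva, size) in (dirs or {}).items():
        struct.pack_into("<II", opt, 96 + 8 * index, rva, size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python peattrs.py <file> [<file> ...]; with no arguments, check the synthetic image
    paths = sys.argv[1:]
    images = [(p, open(p, "rb").read()) for p in paths] or \
             [("synthetic", build_synthetic_pe(dirs={DIR_CLR: (0x2008, 72)}))]
    for name, blob in images:
        attrs = pe_attributes(blob)
        print(name, attrs, "mismatches:", mismatches(attrs))
```

One caveat on "32-bit executable": a .NET assembly compiled as AnyCPU also carries Machine 0x14C and a PE32 optional header, yet the runtime loads it as a 64-bit process on x64 Windows. Distinguishing true x86 from AnyCPU requires reading the CLR header's Flags field (COMIMAGE_FLAGS_32BITREQUIRED), which this example does not do; treat the x86 trait as a header property, not a runtime guarantee.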

Windows PE Version Information

Name Value
Assembly Version
  • 4.0.29.6
  • 4.0.29.2
  • 4.0.28.8
  • 4.0.28.3
  • 4.0.28.0
  • 4.0.27.7
  • 4.0.26.1
  • 4.0.25.3
  • 4.0.23.6
Comments
  • A software designed to repair Android smartphones
Company Name
  • Family Guerra Software Company
File Description
  • Guerratool
  • Themagictool
File Version
  • 4.0.29.6
  • 4.0.29.2
  • 4.0.28.8
  • 4.0.28.3
  • 4.0.28.0
  • 4.0.27.7
  • 4.0.26.1
  • 4.0.25.3
  • 4.0.23.6
Internal Name
  • Guerratool.exe
  • Themagictool.exe
Legal Copyright
  • Copyright © 2024
Original Filename
  • Guerratool.exe
  • Themagictool.exe
Product Name
  • Guerratool
  • Themagictool
Product Version
  • 4.0.29.6
  • 4.0.29.2
  • 4.0.28.8
  • 4.0.28.3
  • 4.0.28.0
  • 4.0.27.7
  • 4.0.26.1
  • 4.0.25.3
  • 4.0.23.6

File Traits

  • .NET
  • HighEntropy
  • ntdll
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 11,968
Potentially Malicious Blocks: 314
Whitelisted Blocks: 6,899
Unknown Blocks: 4,755

Visual Map

[Block map omitted: the per-block classification grid for the sample is truncated in this copy of the page.]
Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
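The traits and API names listed above are recoverable from the binary's own string data, so they can be re-checked on a suspect file without running it. The scanner below is an added example for this page, not the database's tooling: it searches for each indicator in both the encodings a .NET binary uses. P/Invoke target names and type names such as `RijndaelManaged` are stored UTF-8 in the metadata `#Strings` heap, whereas string literals (a hard-coded `ntdll` in a DllImport path, for instance) sit UTF-16LE in the `#US` heap, so an ASCII-only `strings` pass can miss half of them. The `INDICATORS` list is transcribed from the page; the blob used in the demo is constructed.

```python
import sys

# Indicator names transcribed from the File Traits and Windows API Usage lists above.
INDICATORS = [
    "ntdll", "RijndaelManaged",
    "GetComputerNameEx", "GetUserDefaultLocaleName", "GetUserObjectInformation",
    "BCryptOpenAlgorithmProvider",
    "IsDebuggerPresent", "NtQuerySystemInformation",
    "AdjustTokenPrivileges",
]


def find_indicators(data: bytes, indicators=INDICATORS) -> dict:
    """Map each indicator present in `data` to the encodings it was found in.

    Both the UTF-8/ASCII form (metadata #Strings heap, native import tables) and the
    UTF-16LE form (.NET #US heap, wide-string literals) are searched, because a
    grep for the ASCII form alone misses names the program only holds as literals.
    """
    found = {}
    for name in indicators:
        encodings = []
        if name.encode("ascii") in data:
            encodings.append("ascii")
        if name.encode("utf-16-le") in data:
            encodings.append("utf-16le")
        if encodings:
            found[name] = encodings
    return found


def scan_file(path: str) -> dict:
    """Run the indicator search over a file on disk."""
    with open(path, "rb") as fh:
        return find_indicators(fh.read())


# Constructed demo input, not bytes from any sample on this page: one ASCII hit,
# one UTF-16LE hit, and one indicator deliberately absent.
DEMO_BLOB = (b"MZ\x90\x00 junk "
             + b"IsDebuggerPresent\x00"
             + "RijndaelManaged".encode("utf-16-le")
             + b"\x00ntdll.dll\x00")

if __name__ == "__main__":
    # Usage: python indicators.py <file> [<file> ...]; with no arguments, scan the demo blob
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            print(path, scan_file(path))
    else:
        print("demo", find_indicators(DEMO_BLOB))
```

A hit on `IsDebuggerPresent` or `AdjustTokenPrivileges` in a legitimate installer is not unusual on its own; what makes the list above worth flagging is the combination with an unsigned, debug-stripped .NET image whose version block claims to be a phone repair tool. Read the string hits together with the header checks, not in isolation.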
