Trojan.MSIL.Downloader.BWC

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Downloader.BWC
Signature status: No Signature

Known Samples

File Size: 66.05 KB, 66048 bytes
File Size: 7.46 MB, 7455232 bytes
File Size: 8.64 MB, 8642048 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 3.0.0.0
  • 1.0.0.0
Comments
  • Dynamic extension that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. Dynamic extension that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. jufa_4195 Dynamic extension that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
  • Innovative platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. Innovative platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. jufaj_2169 Innovative platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
Company Name
  • Dynamic extension that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
  • Innovative platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
File Description
  • ixeyu_7899
  • ixe_6110
  • SolaraUpdaterV3
File Version
  • 3.0.0.0
  • 1.0.0.0
Internal Name
  • jufaj_2169.exe
  • jufa_4195.exe
  • SolaraUpdaterV3.exe
Legal Copyright
  • Copyright © 2024
  • Copyright © 2025
Original Filename
  • jufaj_2169.exe
  • jufa_4195.exe
  • SolaraUpdaterV3.exe
Product Name
  • ixeyu_7899
  • ixe_6110
  • SolaraUpdaterV3
Product Version
  • 3.0.0.0
  • 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • x86

Block Information

Total Blocks: 135
Potentially Malicious Blocks: 39
Whitelisted Blocks: 68
Unknown Blocks: 28

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • UNKNOWN
