Trojan.MSIL.Downloader.FD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 14,551
Threat Level: 80 % (High)
Infected Computers: 790
First Seen: November 25, 2021
Last Seen: January 18, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Downloader.FD
Signature status: No Signature

Known Samples

MD5: f4adfd7fd8aecaabe06eed52260654d0
SHA1: 16852daf1c2a4cfdaadf4a8249f543b879bc70a2
SHA256: 8E0F5D724813D8B9853DA96DA3CBD681EAA6D2A7F489F9C779389C556D45C997
File Size: 584.19 KB, 584192 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version: 1.1.0.0
Comments: Greeter
Company Name: M_D
File Description: Greeter
File Version: 1.1.0.0
Internal Name: Greeter.exe
Legal Copyright: Copyright © 2014
Legal Trademarks: VietPAL
Original Filename: Greeter.exe
Product Name: Greeter
Product Version: 1.1.0.0

File Traits

  • .NET
  • CryptoObfus
  • HighEntropy
  • NewLateBinding
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 516
Potentially Malicious Blocks: 69
Whitelisted Blocks: 255
Unknown Blocks: 192

Visual Map

(Block-level map of the sample, not reproduced here. Legend: 0 = probable safe block, ? = unknown block, x = potentially malicious block.)

Files Modified

  • \device\namedpipe\gmdasllogger: Generic Write, Read Attributes
  • c:\windows\appcompat\programs\amcache.hve: Read Data, Read Control, Write Data
  • c:\windows\appcompat\programs\amcache.hve: Write Attributes

Registry Modifications

  • Key::Value: HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75
    API Name: RegNtPreCreateKey
  • Key::Value: HKLM\system\software\microsoft\tip\aggregateresults::data
    Data: (binary blob, not reproduced)
    API Name: RegNtPreCreateKey

Windows API Usage

User Data Access:
  • GetUserObjectInformation
Anti Debug:
  • IsDebuggerPresent
Process Manipulation Evasion:
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute:
  • CreateProcess
Encryption Used:
  • BCryptOpenAlgorithmProvider

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 848