Trojan.MSIL.Downloader.JPA

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Downloader.JPA
Signature status:	Modified signature

Known Samples

MD5: b43b9651ec352d9b16c64d859ac2decf

SHA1: be3335536c0169ce0ab43e4a1961412813d1db33

SHA256: 2DAB67B73DC0A2C042AED365F455ECAF11FFC51DA548F8A3B765E5ED470682BB

File Size: 4.15 MB, 4146336 bytes

MD5: 1fc92f20cca2d1a560f0f1b962445a53

SHA1: cdf502bba091d52eeedb626677027ddb1ee4fc1d

SHA256: 3E932257BA164731968961F12E59C8A65121BE8F2984368144358DF0665A9256

File Size: 5.29 MB, 5288712 bytes

MD5: 3d687b5cf3c062f13af5fd20a778d12f

SHA1: 3fec4ab7936c7414a0e2b62c35d46456bc118dcc

SHA256: B30127DA84D60831D9899FED80E431833A330243244B955E92624494438706DF

File Size: 5.35 MB, 5349136 bytes

MD5: 89c214d27ab5a2c0ce921b7c6794cbd8

SHA1: ed29064d8aeccf3e9fa8126e1399af732e015fbc

SHA256: 78D6CBE6DCDEF7BCA7F35D85930DC16047EB2C2769D68FADC6BD265DC1EB2AE1

File Size: 5.35 MB, 5347592 bytes

MD5: cc97fd6d0e83b09c8afdc53c3552304e

SHA1: 57ad4eedbaf3cce52ca133aa837fbe874ea1b4bd

SHA256: 8603B8D766DC8E45A9D08DACBF52362B60AEE143F2F449CBB7B4C39C76BB96AB

File Size: 5.30 MB, 5302536 bytes

MD5: 2f2c7a7d47819a896ba99f158c3550c6

SHA1: 8c0108a3c7cd07e751d5a4acbf5c47704ec49eaf

SHA256: 758D7E480CA9356726976C2B419DB1A8E6F6543F14ED54E72A095200A9EDF20A

File Size: 4.15 MB, 4152528 bytes

MD5: e75ac8a392d286a44ea4e5b7d68c3a6b

SHA1: 7f2760d08714461126f095dcc3fc9b2aeed1ddc9

SHA256: 8A587D39EE4C8A7FA39007764CB2D92D11117750461B6982BAE0298FF5B363B5

File Size: 4.15 MB, 4146848 bytes

MD5: 927750edb4334675233734a4d4da1546

SHA1: d3017114a310a12c75947b45e5b10fd31745d13a

SHA256: 9B23AC89E60C3362DE7926DBF933AAD5AC83D2C8E6DFBA80D1EF4DD6CE92FE03

File Size: 5.35 MB, 5347592 bytes

MD5: d0b2a36beb317b184e403b91521e49ba

SHA1: 876302a16dc6feef6bb718c05f9414609d0bbcba

SHA256: 34DCF8E44D17AE30A89C1FE82979939EC56B06142F310884FB4C23F02F462ED3

File Size: 4.18 MB, 4178080 bytes

MD5: e02f2a82e469eac74b2996377dad23b1

SHA1: 51fa453b3f47ad4fdcfb4dc23a035226257a1c29

SHA256: 218DC0175F0650CCF24AF6ECA42D843978D09589F427677E5390BDAA6DD20982

File Size: 5.35 MB, 5347592 bytes

MD5: 7efe6d9fd5f01cfc2fe6d752246e9b41

SHA1: 707241190d60383e29ad64691a2d0f225eeb0db4

SHA256: 038FFE77D32C65D460F6F1D022769E197AFED99345AB2B61D3B398020D339FD1

File Size: 4.19 MB, 4191392 bytes

MD5: 5464e6cfef02547be8baad4f7e4b6288

SHA1: dd7353015ddf4d25d6113b08bccaae415830d47f

SHA256: BA81AAAA922DCD6886DC0F5046D56014970AFCF92C2B69CC3853174F66931803

File Size: 5.26 MB, 5260560 bytes

MD5: c123df522047c677806f302c9e35f24a

SHA1: acdcda1dc0abac5ef7c6c3823b4fc7f1e8515a6a

SHA256: 6E7896AB373F0B95B8D376503878AA725F0376F01DD0AFE9ED110EE1502BD433

File Size: 4.19 MB, 4192600 bytes

MD5: c9cb9145caacfb251ae5f2f85fd497d7

SHA1: f45d8ed4cd5e6dfd6284c1fbdc6946f13c21afd6

SHA256: C34897E080BAAABFCF41866693B91F1F8173E8B9697B1BFD533E701E7B9087FF

File Size: 4.19 MB, 4186320 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

.NET
HighEntropy
Installer Version
x86

Block Information

Total Blocks:	3,136
Potentially Malicious Blocks:	571
Whitelisted Blocks:	2,564
Unknown Blocks:	1

Visual Map

x ? 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 1 0 1 1 1 1 0 0 x x x x x 0 x x 0 0 x 0 x x x x x x x x x x x x 0 x x x 0 x 0 0 x x x x x x x x x 0 x 0 x x x 0 x 0 0 x x x 0 x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x 0 x x 0 x 0 x x x x x x x x x x x x x 0 x x x x x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x x x x 0 0 x x x 0 x x 0 x x x x x x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x 0 x 0 0 0 x x x x x x 0 x x x x 0 x x x x x x x x x x x 0 x x x x x 0 x x x x x x x x 0 x x x x x x x 0 0 x x x x 0 0 x 0 x x x x 0 0 0 x x x 0 x x x x 0 0 x x 0 0 0 x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 x x 0 0 0 x 0 x x 0 x 0 x x x x x 0 x x x x x x x 0 x x x x 0 0 x x x x x x x x x x x 0 0 x x x x x x 0 0 0 0 0 x 0 x 0 0 x x 0 x x x x 0 0 x x x 0 0 x x 0 0 x x x x x x x x x x x x x x x x x x 0 0 0 x x x x x x x x 0 x x x 0 x x x x x x x x x x x x x x 0 x x x x x x x x x x 0 x x x x x x x 0 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x 0 x x 0 0 x x x x x x x x 0 x 0 x x x 0 x x x 0 x 0 0 x x x 0 x x 0 0 x x 0 x 0 x x x x x x x x x x x x x x x 0 x 0 0 x x 0 1 1 1 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 2 2 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 2 2 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 2 x x 0 0 x 0 0 0 0 0 x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 x x x 0 0 x x 0 x 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

DarkKomet.PA

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\setup.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges
Process Manipulation Evasion	ReadProcessMemory

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Downloader.JPA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.Rostpay

Malicious Packagist PHP Packages

Hotel Room Upgrade Malicious Emails

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen