Trojan.MSIL.Downloader.TKB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	7,603
Threat Level:	80 % (High)
Infected Computers:	245

First Seen:	March 20, 2023
Last Seen:	April 15, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Downloader.TKB
Signature status:	Self Signed

Known Samples

MD5: b81e11e838c2b9da613ab2ae4cee35a1

SHA1: efd1f61a8d777a7937656be0aa6b9cf6ef0acdf6

SHA256: E027E376F3EA2CAF426E3C411633C3992ADB8618DD0DE7E76A45BC2922679C9B

File Size: 3.47 MB, 3465312 bytes

MD5: bafb2cde80f391fb81167784c864a5b1

SHA1: 63df33ac18c231a5cd7362ab7713d5af8e58745d

SHA256: D193A2CBAEFBD88359EF34FFA7D64BBCB882ECDA2BC6B79B64428EF6E4A8651B

File Size: 587.69 KB, 587688 bytes

MD5: 13e0908cc284fd522feb8cab48fa2ab3

SHA1: c91fb01d85636097bedc4843065cefca5af74106

SHA256: 139A5BB6299E22FD1EF2DB0E8327860ED5FEF20D0C098A3EDBBF32547856987A

File Size: 2.92 MB, 2920448 bytes

MD5: e6727eadce0fa93da78c94532824ee69

SHA1: 388b278d95c5567cb97231bfd8119d7b436efc29

SHA256: F6911DB23277E688624F46BBAA232BC8B13B879ADA113D4B0BE385390169CAC8

File Size: 2.11 MB, 2112000 bytes

MD5: d535a63a1eeed2ebc5f641312d60d834

SHA1: 04e4a31ac4398447bf2286a8de7bfc32a35745e6

SHA256: 257D8EF9B0928B4629C3F6AF24EFE634CC345C2006A481540B9411EA49FF0562

File Size: 1.29 MB, 1290240 bytes

MD5: cc234e2509a76e3baabddd7fd10e351f

SHA1: 8ecaf386286af01f57f1385cfed5164e017ddb1a

SHA256: 51895D8056D4CCFDFADF1FDDC285617369C7D201B3B13D14CC1B3E8F8D39E084

File Size: 3.29 MB, 3294720 bytes

MD5: 76e2ee1161617b8661221e1a7e350b35

SHA1: 0405dd34dffeff468c9bb655edefd9448249d268

SHA256: 83FCBE2B97755FDAB7BBF841951544E669457827B384549CAD40BBD5BC7D857F

File Size: 709.71 KB, 709708 bytes

MD5: 90bf67689fa539a1bb8d5069d30ff997

SHA1: a5c7cd63e1d36335f769cc6cf4c92673b8547b17

SHA256: 792DBB31396BF01595C2BAC8AC0195DE618E7375A0F48647083822E8461B2C4F

File Size: 2.35 MB, 2353528 bytes

MD5: db57e5f364a6223d39cfc8250a904166

SHA1: 2b78b3c22ce583a6373a1d654a6ab962702579bc

SHA256: A579B5AFCE45E82364D9BEDFB8BD54161AD17CD86F06CFCCA97710EC579C8884

File Size: 1.50 MB, 1503608 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	2025.32.2.1188 2023.10.0.990 2016.26.5.120 8.0.4210.9 6.3.5.94 5.2.8.21 4.0.0.615 1.2.0.0
Comments	Geostru Loadcap Berating Capacity and Settlements Geostru Well TA Java Platform SE binary TableTextCompare
Company Name	Big Dutchman International GmbH GeoStru geostru Geostru NirSoft Oracle Corporation
File Description	F4C-GDI GeoStru Easy MASW Geostru Well TA IAN_Spy Java Platform SE binary Listary Loadcap TableTextCompare
File Version	2025.32.2.1188 2023.28.6.1010 2023.10.0.990 8.0.4210.9 6.3.5.94 5.2.8.21 4.0.0.615 1.2.0.0 1.00
Internal Name	EasyMASW.exe F4C-GDI.exe fingercoordinate_d.exe IAN_Spy.exe Listary.exe LoadCap.exe TJprojMain Truuyupb.exe WellTA.exe
Legal Copyright	Copyright © 2010-2023 Copyright © 2011 - 2015 Nir Sofer Copyright © 2017 Copyright © 2024 Copyright © Big Dutchman Int. GmbH 2024 Copyright © GeoStru GeoStru Geostru
Legal Trademarks	Geostru GeoStru
Original Filename	EasyMASW.exe F4C-GDI.exe fingercoordinate_d.exe IAN_Spy.exe Listary.exe LoadCap.exe TJprojMain.exe Truuyupb.exe WellTA.exe
Product Name	BigFarmNet Pig Easy MASW F4C-GDI Java Platform SE 8 U421 Listary LoadCap Project1 TableTextCompare WellTA
Product Version	2025.32.2.1188 2023.28.6.1010 2023.10.0.990 8.0.4210.9 6.3.5.94 5.2.8.21 4.0.0.615 1.2.0.0 1.00

Digital Signatures

Signer	Root	Status
Big Dutchman Service GmbH	BD-MANU-CA	Self Signed
DigiCert Global Root G1A	DigiCert Global Root G1A	Self Signed
Nir Sofer	UTN-USERFirst-Object	Hash Mismatch

File Traits

.NET
HighEntropy
NewLateBinding
ntdll
RijndaelManaged
x64
x86

Block Information

Total Blocks:	1,409
Potentially Malicious Blocks:	143
Whitelisted Blocks:	150
Unknown Blocks:	1,116

Visual Map

? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? x ? ? ? ? ? ? x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x x ? ? ? ? x ? ? ? ? ? ? ? ? 0 ? ? x x ? x x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x ? ? ? ? ? ? ? ? ? ? ? x ? x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x ? ? x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? x x x x x x x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x ? x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x ? ? x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x ? x ? x x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x ? ? ? ? ? ? ? ? ? ? ? x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x ? ? ? ? ? ? ? ? 0 ? ? x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x x x x x x x x x x x x x x x x x x x x x x x x ? x ? x ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x x x x x ? x x x x ? x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Downloader.Agent.BTIF
MSIL.Agent.FFL
MSIL.Agent.HGF
MSIL.ArchSMS.A
MSIL.Downloader.Agent.AFU

MSIL.Downloader.FO
MSIL.Krypt.ABTPHE
MSIL.Krypt.ABTPHU
MSIL.Krypt.GBTB
MSIL.Krypt.ZSF
MSIL.Krypt.ZST
MSIL.Spy.Agent.GC
MSIL.Stealer.MA
MSIL.Stealer.XE
MSILZilla.VBA

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\kteqexwgrm.exe	Generic Write,Read Attributes

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose Show More ntdll.dll!NtCompareSigningLevels ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResetWriteWatch ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	IsDebuggerPresent NtQuerySystemInformation

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Downloader.TKB

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Agent.aypy

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen