Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Dropper.ALA

Trojan.MSIL.Dropper.ALA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Dropper.ALA
Signature status: No Signature

Known Samples

MD5: fcfc3058376f7c4ef599f71ceae142f0
SHA1: 5e1f2522f6fcf904205773e375971418367672b9
SHA256: E53024C1E93E060D5633EA2BA17007652382CED787577F63DD40D04502B00912
File Size: 46.59 KB, 46592 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
File Description TomTamXInstaller
File Version 1.0.0.0
Internal Name TomTamXInstaller.exe
Legal Copyright Copyright © 2024
Original Filename TomTamXInstaller.exe
Product Name TomTamXInstaller
Product Version 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • Installer Version
  • x86

Block Information

Total Blocks: 6
Potentially Malicious Blocks: 5
Whitelisted Blocks: 1
Unknown Blocks: 0

Visual Map

x x x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Dropper.ALA

Files Modified

File Attributes
c:\users\user\downloads\tomtamx.zip Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...