Trojan.MSIL.Filecoder.BT

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Filecoder.BT
Signature status:	No Signature

Known Samples

MD5: e22c74604665bd91c132139d41a939b6

SHA1: 4b7e903fb54b3b711fb029dcd659c6a0e2df2f4d

SHA256: 258B0DC1C9E1DF289B2A0E971F0B49648F725C3B540B8F3AF42BE3403EE31239

File Size: 510.98 KB, 510976 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	6.6.6.6
File Description	Ransomware
File Version	2.0.7.7
Internal Name	Encryptor.exe
Legal Copyright	Ransomware @ 2026
Original Filename	Encryptor.exe
Product Version	2.0.7.7

File Traits

.NET
Agile.net
Fody
Run
x86

Block Information

Total Blocks:	63
Potentially Malicious Blocks:	43
Whitelisted Blocks:	20
Unknown Blocks:	0

Visual Map

x x 0 0 0 x x x x x x x 0 x x 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Filecoder.BT

Files Modified

File	Attributes
c:\users\public\desktop\encryptor.log	Generic Write,Read Attributes
c:\users\user\appdata\roaming\encryptor.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\encryptor.log	Generic Write,Read Attributes
c:\users\user\desktop\image.bmp	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\examplemutex::encryptor		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::microsoftupdater	c:\users\user\downloads\4b7e903fb54b3b711fb029dcd659c6a0e2df2f4d_0000510976	RegNtPreCreateKey
HKCU\software\microsoftplugins::setwallpaper	1	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Other Suspicious	AdjustTokenPrivileges
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket freeaddrinfo getaddrinfo recv send setsockopt
Network Winhttp	WinHttpOpen
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Encryption Used	BCryptOpenAlgorithmProvider

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Filecoder.BT

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Ads by Customer Promos

C-germany.com

STOX-C.Trojan

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen