Trojan.MSIL.Jalapeno.L
Analysis Report
General information
| Family Name: | Trojan.MSIL.Jalapeno.L |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1,803 |
|---|---|
| Potentially Malicious Blocks: | 1,597 |
| Whitelisted Blocks: | 5 |
| Unknown Blocks: | 201 |
Visual Map
[Block map graphic omitted] Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Jalapeno.J
- MSIL.Jalapeno.L
- MSIL.Krypt.YAGC
- MSIL.Krypt.YAGD
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Anti Debug | |
| Other Suspicious | |