Trojan.MSIL.Lumma.T

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Lumma.T
Signature status:	No Signature

Known Samples

MD5: 66f6bd01c145d02b09c93580de5220b0

SHA1: af0f08015e4135c53f47559539e8e75952472ce1

SHA256: 37FEBF0A89C2E2F64EE9A0119BBF9ED5FB5C646C288F64C6E24BE2187D7A8236

File Size: 347.65 KB, 347648 bytes

MD5: fc82da3d952d3871540e724490c5de72

SHA1: e931f6114e9774a232b6283ebe59faf32371c4ad

SHA256: 0C78440775EB779699C10C68E1985F18AAB202263960B0DE16C7EB64E7765F03

File Size: 349.74 KB, 349736 bytes

MD5: 50d064ae5660cb0c793c1a24aa256e73

SHA1: aa5d5c0216336c72564645346bb8ac3387f065d0

SHA256: F2D672161A4DE76EA1E73CA678E88D293AB5628804554B79CCD3F6BD28B170AE

File Size: 257.54 KB, 257536 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
File Description	Brought Chamber Liberty
File Version	1.0.0.0
Internal Name	Brought.exe Chamber.exe Liberty.exe
Legal Copyright	Copyright © 2025
Original Filename	Brought.exe Chamber.exe Liberty.exe
Product Name	Brought Chamber Liberty
Product Version	1.0.0.0

Digital Signatures

Signer	Root	Status
NVIDIA Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch

File Traits

.NET
HighEntropy
x86

Block Information

Total Blocks:	5
Potentially Malicious Blocks:	4
Whitelisted Blocks:	1
Unknown Blocks:	0

Visual Map

x 0 x x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Lumma.T

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserDefaultLocaleName GetUserObjectInformation
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Lumma.T

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Rugmi.FK

Backdoor.Bifrose.O

Adware.Search Safer

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen