Trojan.MSIL.Marsilia.I

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	21,597
Threat Level:	80 % (High)
Infected Computers:	17

First Seen:	February 19, 2024
Last Seen:	March 10, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Marsilia.I
Signature status:	No Signature

Known Samples

MD5: d3d736edee00f609d97438a8e463765d

SHA1: 539d8ad0e4358c02360e2bcd0600e531b5b48bdc

SHA256: 3A0556288323FEB86440B0B51DFCB15454A9F1AFF7A42A035479FEB054D41C09

File Size: 9.12 MB, 9120328 bytes

MD5: e41208ab749e2c97cbc2184ee32de67b

SHA1: 2d888ab44afeea85b1835e8d1b61b9123a3798cf

SHA256: 855AEBFAF8B56FE216A3155EE0AE547DC24E6D8728D73CDE71223AFDFE216A49

File Size: 6.32 MB, 6318544 bytes

MD5: 93424278d68cc243fd35120b83aa6103

SHA1: 4f50d2dc1c6b18ca98ca6e0ced8f6808686febde

SHA256: 6FC13989F7A4398B5F52D3DBC9C08956D0A1BE569748704229E3C11F712252CD

File Size: 7.60 MB, 7597800 bytes

MD5: 590d8c094b2c46e51566fb7a301a2cef

SHA1: 25b47d22259ae15ae53bb557c01491d110504157

SHA256: BC1449979742533918737C0634B12B62AD4E734A2F3750A49ED96E770CF8CC90

File Size: 9.12 MB, 9119696 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
File Description	DestinyWars Prestarter
File Version	1.0.0.0
Internal Name	DestinyWars.exe Prestarter.exe
Legal Copyright	Copyright © 2023 DestinyWars © 2025
Original Filename	DestinyWars.exe Prestarter.exe
Product Name	DestinyWars Prestarter
Product Version	1.0.0.0

Digital Signatures

Signer	Root	Status
APservers Code Sign	APservers Root CA	Self Signed
DestinyWars Code Sign	DestinyWars Root CA	Self Signed

File Traits

.NET
HighEntropy
WinZip SFX
x86
ZIP (In Overlay)

Block Information

Total Blocks:	70
Potentially Malicious Blocks:	40
Whitelisted Blocks:	29
Unknown Blocks:	1

Visual Map

x 0 x 0 0 0 0 0 0 0 ? 0 x 0 x x x 0 0 0 0 x 0 x x 0 x x 0 0 x x 0 x x x x x x x x x x x x x x x x x x x x 0 0 0 0 x x 0 x 0 x 0 x x 0 0 0 x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Agent.FGI
MSIL.Marsilia.I

Files Modified

File	Attributes
c:\users\user\appdata\roaming\gravitlauncherstore\java\adoptium-lts-openjfx\java.zip	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Other Suspicious	AdjustTokenPrivileges
Network Winsock2	WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	bind closesocket freeaddrinfo getaddrinfo setsockopt
Network Winhttp	WinHttpOpen

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Marsilia.I

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Up-to-Date Method to Block Computer Viruses is Revealed

ExportMasters

Notifygear.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen