Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Marte.I

Trojan.MSIL.Marte.I

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,401
Threat Level: 80 % (High)
Infected Computers: 31
First Seen: November 15, 2023
Last Seen: October 6, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Marte.I
Signature status: Hash Mismatch

Known Samples

MD5: 3f9c8b3eec28ea2fb72729ff09cd9d1e
SHA1: 4895c53dac84963e5a28b7898e9bb27902afefce
SHA256: 8144B8A0C37FC6E0ECA30DB96F55C2B363A751C5873797C740202614EE76B75B
File Size: 2.44 MB, 2444056 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.2568.15165
File Description vnc26krip
File Version 1.0.6237.29072
Internal Name vnc26krip.exe
Legal Copyright Copyright © 2015
Original Filename vnc26krip.exe
Product Name vnc26krip
Product Version 1.0.6237.29072

Digital Signatures

Signer Root Status
Telegram FZ-LLC GlobalSign GCC R45 EV CodeSigning CA 2020 Hash Mismatch

File Traits

  • .NET
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 6,430
Potentially Malicious Blocks: 216
Whitelisted Blocks: 4,834
Unknown Blocks: 1,380

Visual Map

x ? ? ? ? ? ? ? 0 ? 0 ? ? 0 0 x ? 0 ? ? x 0 ? 0 x ? x ? ? 0 0 ? 0 0 x x x x x x ? ? 0 0 ? 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? x x ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 0 ? ? 0 0 ? 0 0 ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? x 0 ? 0 0 0 0 0 0 x 0 0 ? 0 0 0 ? ? 0 ? ? ? ? x 0 0 ? ? ? ? 0 x 0 ? ? x 0 ? ? ? 0 ? 0 0 x 0 0 ? ? 0 ? 0 0 0 ? ? ? ? 0 x ? x x ? 0 x x 0 0 ? ? 0 ? x ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? x 0 0 ? 0 x ? ? ? ? ? x ? 0 ? ? ? ? ? ? ? ? ? 0 ? x x ? 0 ? ? 0 0 ? x 0 ? ? ? 0 ? ? 0 0 0 ? 0 0 0 0 x ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 0 0 ? ? ? 0 ? x 0 ? x x ? ? ? ? ? 0 ? ? ? ? ? x ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? 0 ? ? 0 ? ? 0 x ? x ? 0 0 ? x ? ? ? ? 0 x 0 ? x ? 0 ? ? ? ? 0 ? x x 0 x 0 x 0 ? 0 0 0 0 ? ? ? 0 0 0 ? 0 ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? x 0 ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? x ? ? ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? x 0 x 0 0 x 0 0 ? ? x 0 ? 0 0 0 0 0 0 0 0 ? ? x x x 0 x ? x x x ? x 0 x x 0 0 ? ? 0 0 0 0 0 x x x x 0 0 0 ? ? ? 0 0 ? ? ? x x x x ? ? ? ? ? ? 0 0 ? x ? ? ? 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? x ? ? x x x x ? ? ? ? ? x x x x ? ? ? ? ? ? ? x ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 x ? ? x ? ? ? ? ? ? ? x x x x x ? ? x x ? ? x x ? ? x x x ? x x x x x x x ? x x x x x x x x x x ? ? ? ? x x x x ? ? ? ? ? ? ? ? x x x x 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? x ? ? ? ? ? ? ? ? ? x 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 x ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? x 0 0 x 0 ? ? 0 0 0 0 ? 0 ? 0 x 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? x x ? x ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Network Winsock2
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Network Winhttp
  • WinHttpOpen

Trending

Most Viewed

Loading...