Trojan.MSIL.Razy.QB
Analysis Report
General information
| Family Name: | Trojan.MSIL.Razy.QB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family. File sizes are given in decimal megabytes (1 MB = 1,000,000 bytes) alongside the exact byte count; match on the byte count, not the rounded figure.

| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 69ae3e6ffd8be982a54a4357a676df84 | 41a2b80b588a29622499dbcc0f5af8db481a3b32 | AAE0761281622EF3ED3EF80A487D8AE6A9B8CD4A815F118E1DE620D9A9D38932 | 2.32 MB (2323456 bytes) |
| 822f8a27979dd9bd163e2140cd810016 | 211da910976019f911952c102bbc9d0fd5c52f7f | 57C4E32A8F71BADB2AF82A58584390F94CEC7216B3727388F71387E059CBA847 | 2.98 MB (2979840 bytes) |
| da756a9bfdb494c8e68dfd136559b4a7 | 4426f61a31966c52c2014ac7fe0335aeab374387 | 656CA6881377C337129FF00C93A776600C6565ABF2361FD51C86F87B30C23002 | 3.10 MB (3096576 bytes) |
| 167d7fdddb6c831c514a7af525767101 | 59554db09bb14d51ae8da328019393db416b7e56 | 89EB7B23353EA2DE8C102A5ED426BF29E88A35D16B48F9160C5BF8CAC53B2D68 | 3.10 MB (3096576 bytes) |
| 6042c4cc40558f0bd83f2c258ff3819f | ddaf16fbf1e4637fca35f1be9204ce4d72c3fad2 | 2BA0A9F707751835C7B635056FC371B3B671B7FF937E75C53294C438DD6E51BC | 3.10 MB (3096576 bytes) |
| 2a34bbe1d5917f1fbc777ba1673691e3 | 15c536425aed7403d4629537bfaeb63299389ede | F1A761C44E5FCB5F394EBF5C741E56B0C25EC1B945B32080706DD658EDA71EAF | 3.10 MB (3096576 bytes) |
| 56c42ecffbe37e6f0844069aca1abdc3 | f725810ece9e6498dc36cd1c2ef528ba06b760f6 | 56CC5446567A97C6D8D005ECD6F87143942D69F3E6A3035C5D7FAF572EBF3BFC | 2.65 MB (2650112 bytes) |
| 09d1566cf5bb7f507553540f87f029bb | 66d58fd80873a0d04ee27a5611808e5baeeee7eb | 4E14667274E200042DDE64268B59A3056781D4B41282D9FC6B760624E3B7983C | 3.08 MB (3076096 bytes) |
| e3d575edac579a937a1a18dedb42fa8f | 1a312275b5331747a00c7480d93eb120b2f967b2 | 63E6C2CA04D80CCEE6CE63F9F4254DCCE1E26087D064B60713EE5ECB6A3241E2 | 2.99 MB (2993664 bytes) |
| 758d3bb295f0a570b3742cdb61461a48 | c49c9195f8cb72d4ba82b3796cbaaaebed604b39 | 7EF9FD66A1E6649DC858688AF56CD2A0DE75CB7C59EA301C26931C51D5CC6730 | 2.99 MB (2993664 bytes) |
| 23c860473ad65cb9aa89a2cf560a02a2 | 38443210c1fece153e054b50074df767724e5cbc | 4A8315527F2CD7854C64E9B263B0B0D28E643131BE7806E4B8B8900760C6BB79 | 2.78 MB (2782720 bytes) |
| b20a9c3e7fedd8ad760a663fe8561743 | 3770a07fed8795273f581461e0f5fcb5ed506007 | 796535F18A219160CAA2ED022A6EAB23AC0C0064227C8F9CB55635DA5F5609DA | 2.81 MB (2813952 bytes) |
| 54aa854e34311fec6155a2f3936d4999 | 1d20f97c388580ffdf5f2646dd10afe07f940236 | 983CB3C417749C7345BE168E81ADCC7028C2CE2D9EE979062002CFE9228099F0 | 3.05 MB (3053568 bytes) |
| 635c37fef798fef8ad84b786e8e06c7c | 23708bb62afaea27a407bbe9b2958bdb9589a930 | 25F88DC9D497198279BE694BD7A5006B02C8703B518C2BC0E1689E24698E27D1 | 3.05 MB (3053568 bytes) |
| 184a92041ab09e9bf485fae09aeff503 | fbd5a82a43ed10b41af97148b90aa101a06b19ac | C1905AFB6970F045129EDFEEA9748E87D10FCB4EF7A0FC88BEB2BE5530036699 | 2.44 MB (2435584 bytes) |
| b07cfd143eb718da953def6e912a59fd | 1e61ad1b094d8e29213c7e5d5ed9c2773888464f | 31D3FB0762352DF8B2F5F00F9BCB36F3D41A5D257177E7B371C58FE214283CB9 | 2.98 MB (2978304 bytes) |
| d211f00afe60b74ccfe20054eeba4143 | f22fc18143970bd5d643fa91f18f0ebbcb8a48bc | 388D8A95DB2CF2BC8CEA0AF506BB85EB86D9EBCBEB0EFE7434998AD5F7D04B94 | 3.05 MB (3053568 bytes) |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
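Every attribute in the list above is read directly from the PE headers: the COFF Characteristics word, the optional header's Subsystem field, the data directories (a non-empty CLR runtime header directory is what makes a file "a .NET application"; the export, debug and certificate directories give the other three "doesn't have" lines) and the presence of a "Rich" tag between the DOS stub and the PE signature. The following is an added example, not EnigmaSoft's analysis code, showing how to derive those flags with only the standard library. It builds a constructed header-only PE32 image as sample input so it runs offline; the "packed" verdict on the page comes from heuristics (section entropy, section names) that this example does not attempt to reproduce.

```python
"""Derive the PE attribute flags listed in the report from a file's headers.
Added example (not EnigmaSoft code); standard library only."""
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# IMAGE_DIRECTORY_ENTRY_* indices: export table, certificate table, debug, CLR runtime header
DIR_EXPORT, DIR_SECURITY, DIR_DEBUG, DIR_COM_DESCRIPTOR = 0, 4, 6, 14


def pe_attributes(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of an in-memory PE image; return attribute flags."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:            # NumberOfRvaAndSizes / DataDirectory offsets differ by format
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def directory_present(index: int) -> bool:
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, dirs_off + 8 * index)
        return rva != 0 and size != 0

    return {
        "executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_32bit": magic == PE32_MAGIC and machine == IMAGE_FILE_MACHINE_I386,
        "subsystem": subsystem,
        "dotnet": directory_present(DIR_COM_DESCRIPTOR),   # a CLR header means a managed image
        "exports": directory_present(DIR_EXPORT),
        "debug": directory_present(DIR_DEBUG),
        "security": directory_present(DIR_SECURITY),       # Authenticode certificate table
        # The Rich header sits between the DOS stub and the PE header; its "Rich" tag is not XORed.
        "rich": b"Rich" in data[0x40:e_lfanew],
    }


def describe(attrs: dict) -> list:
    """Render the flags in the wording the report uses."""
    def has(flag, what):
        return ("File has %s" if flag else "File doesn't have %s") % what
    lines = [has(attrs["rich"], '"Rich" header'), has(attrs["debug"], "debug information"),
             has(attrs["exports"], "exports table"), has(attrs["security"], "security information")]
    if attrs["dotnet"]:
        lines.append("File is .NET application")
    if attrs["is_32bit"]:
        lines.append("File is 32-bit executable")
    if attrs["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_GUI:
        lines.append("File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)")
    elif attrs["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_CUI:
        lines.append("File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)")
    lines.append("IMAGE_FILE_DLL is %s inside PE header" % ("set" if attrs["dll"] else "not set"))
    lines.append("IMAGE_FILE_EXECUTABLE_IMAGE is %s inside PE header"
                 % ("set" if attrs["executable_image"] else "not set"))
    return lines


def build_minimal_pe32(dotnet=True, gui=True, dll=False, rich=False) -> bytes:
    """Constructed header-only PE32 image used as offline sample input (not a real sample)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                # e_lfanew: PE header right after the stub
    if rich:
        dos[0x70:0x74] = b"Rich"
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 224, chars)
    opt = bytearray(224)                                    # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI if gui else IMAGE_SUBSYSTEM_WINDOWS_CUI)
    struct.pack_into("<I", opt, 92, 16)
    if dotnet:                                              # non-zero CLR runtime header directory
        struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 72)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

On a real file, `describe(pe_attributes(open(path, "rb").read()))` yields the same bullet wording as the report for the header-derived items. Note that `directory_present` only checks that the directory entry is non-zero; a malformed sample can point a directory at garbage, so a production parser should also validate that the RVA falls inside a section.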
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software. Here the opposite holds: every version field is 0.0.0.0 and the name fields are empty, which is itself atypical for shipped software and a useful weak indicator when triaging .NET binaries.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Visual Map
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Razy.QB
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system. The names below follow the tmpXXXX.tmp pattern generated by the Win32 GetTempFileName API (which .NET's Path.GetTempFileName wraps), with .exe appended; a series of such executables written under the user's Temp directory is consistent with a loader writing an embedded payload to disk before running it. The second column is the access requested on the handle (GENERIC_WRITE, FILE_READ_ATTRIBUTES).

| File | Access requested |
|---|---|
| c:\users\user\appdata\local\temp\tmp3bec.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpa2e2.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpa301.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpa3dc.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpa66c.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpa766.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpb030.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpb7cc.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpb849.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpb9fe.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpbb94.tmp.exe | Generic Write, Read Attributes |
| c:\users\user\appdata\local\temp\tmpbba3.tmp.exe | Generic Write, Read Attributes |
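The drop pattern in the table is a practical hunting hook for endpoint telemetry. The following is an added example, not EnigmaSoft's detection logic: it encodes the path pattern as a rule and runs it over constructed Sysmon-style FileCreate (Event ID 11) records, counting hits per writing process so that a single self-extracting installer does not fire. The image paths, the event field names and the per-process threshold are assumptions made for the example.

```python
"""Flag processes that drop tmpXXXX.tmp.exe payloads into the user's Temp directory.
Added example (not EnigmaSoft code); the events below are constructed, not real telemetry."""
import re
from collections import Counter

# Win32 GetTempFileName (wrapped by .NET Path.GetTempFileName) names files tmp<4 hex digits>.tmp;
# the samples above append .exe and write under %LOCALAPPDATA%\Temp.
TEMP_DROP = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\tmp[0-9a-f]{4}\.tmp\.exe$", re.IGNORECASE)


def is_temp_drop(path: str) -> bool:
    """True when a file path matches the drop pattern from the Files Modified table."""
    return TEMP_DROP.match(path) is not None


def flag_droppers(events, threshold: int = 2) -> dict:
    """Count matching FileCreate events per writing image; return images at or above threshold.

    One tmpXXXX.tmp.exe can be a legitimate installer unpacking itself, so the rule keys on
    repetition from the same process rather than on a single write (threshold is an assumption).
    """
    hits = Counter(ev["Image"].lower() for ev in events
                   if ev.get("EventID") == 11 and is_temp_drop(ev["TargetFilename"]))
    return {image: n for image, n in hits.items() if n >= threshold}


# Constructed Sysmon-style records with hypothetical image paths (not from the report).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetFilename": r"c:\users\user\appdata\local\temp\tmp3bec.tmp.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetFilename": r"c:\users\user\appdata\local\temp\tmpa2e2.tmp.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetFilename": r"c:\users\user\appdata\local\temp\tmpa301.tmp.exe"},
    # System Temp and no .exe suffix: not the pattern, ignored.
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\tmp1234.tmp"},
    # Matches the pattern once; below the default threshold.
    {"EventID": 11, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\tmpB030.tmp.exe"},
    # Same path written by a process-create event, not a file-create: ignored.
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetFilename": r"c:\users\user\appdata\local\temp\tmpbba3.tmp.exe"},
]
```

`flag_droppers(SAMPLE_EVENTS)` returns only the hypothetical invoice.exe with three drops. Pair the FileCreate rule with a follow-up ProcessCreate check on the same tmpXXXX.tmp.exe path to confirm the dropped file was actually executed.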
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Anti Debug | |