Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Spy.Agent.AB

Trojan.MSIL.Spy.Agent.AB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,817
Threat Level: 80 % (High)
Infected Computers: 61
First Seen: August 3, 2022
Last Seen: March 16, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Spy.Agent.AB
Signature status: No Signature

Known Samples

MD5: b99ccba4110af68f141691dc5e8e64f5
SHA1: e5816505e97d5d511677e95691410ca5b1a7ff2d
File Size: 5.08 MB, 5078016 bytes
MD5: 0ff90d543102a4f640b2833af6aec3d4
SHA1: 4979338944cc7caed4dcd9752c0978b78b01609d
File Size: 5.08 MB, 5078016 bytes
MD5: 21a4998b12fa314853eedd734432e619
SHA1: 9bcd11c825892358b49b537c8a0993ee9743b972
SHA256: 7C7E8C8518C0D9224CAD600BB0C3DAA7E4B937132EBECA1DFD0957E1B55DB041
File Size: 5.08 MB, 5078016 bytes
MD5: d0c15229d43b1f55941b9770ef599132
SHA1: 1c6afe2414954f57e37a8874704d8cd7312017f9
SHA256: D0D96038726CEE7DCA4DA31D577C0D27DD78DF5B23927C04F8E652E49D8B22E1
File Size: 5.08 MB, 5078016 bytes
MD5: 4e083c9ef12a78314b85197e2d90961e
SHA1: f44f6680909181ed1b65391b9c7b9b07a3ccdaac
SHA256: FC1DDCC7E83124C25827558A7FFCAA4CC881DAA36C9EA40C01E6B808588696F3
File Size: 5.08 MB, 5078016 bytes
Show More
MD5: 7fe45d4570b3bd1b3f037fe4203fe3f5
SHA1: a7f878bbf3f59490aa52bb87bb17edcba3884154
SHA256: 1D134E6EED3D50CB034962CFA66C2FAF617567791A3B1BC8A99F3844A286CAD9
File Size: 5.08 MB, 5078016 bytes
MD5: db4a122736f5365b8c3a3e190e4dbf2e
SHA1: f1b9b4ed23c0d428ef3e2be061ae121f03c3286f
SHA256: AE5402F95D457ECC8A67CA2384791D29E053F983600C475679F791ECD8AC85A3
File Size: 5.08 MB, 5078016 bytes
MD5: 57c3379c867ff87d18f2c259f62d37f2
SHA1: 9b0eb312e69b98368347d36cf95c9432d3b971fe
SHA256: BA669B7F5BA6AAE77445A8E4AE8C9DDCD07B48B8EB79CADE260F312FBCEFF19E
File Size: 5.06 MB, 5064704 bytes
MD5: 9089c26ced2e6d2c17f414c1344029af
SHA1: 818b4db4537cceb8f0c0e08d4f1729f8ccc24785
SHA256: 6E9BF5C23D200069ED57AB4242EECC230B7F02727AB0BAFC0BF179ADD3EB5404
File Size: 5.08 MB, 5078016 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.2.4.0
Company Name Hiper Software
File Description Hiper.Setup
File Version 1.2.4
Internal Name Hiper.Setup.exe
Legal Copyright Copyright 2019 © Hiper Software
Original Filename Hiper.Setup.exe
Product Name Hiper.Setup
Product Version 1.2.4

File Traits

  • .NET
  • Installer Version
  • x86

Block Information

Total Blocks: 14
Potentially Malicious Blocks: 0
Whitelisted Blocks: 3
Unknown Blocks: 11

Visual Map

0 ? 0 ? ? 0 ? ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\7z.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\7za.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\automapper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\commonservicelocator.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\configurationfile.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\fontawesome.wpf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\hiper.setup.core.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\hiper.setup.core.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\microsoft.windowsapicodepack.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\hiperinstalador\microsoft.windowsapicodepack.shell.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\microsoft.windowsapicodepack.shellextensions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\newtonsoft.json.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\prism.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\prism.unity.wpf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\prism.wpf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\sevenzipsharp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\system.runtime.compilerservices.unsafe.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\system.threading.tasks.extensions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\system.valuetuple.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\system.windows.interactivity.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\unity.abstractions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\unity.container.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hiperinstalador\wpfanimatedgif.dll Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes
c:\windows\appcompat\programs\amcache.hve.log1 Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2 Read Data,Write Data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data 隞̃㴁耀꧌Čʜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
Show More
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair

10 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Other Suspicious
  • AdjustTokenPrivileges

Shell Command Execution

C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 724
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 700
(NULL) C:\Users\Swqfcnxr\AppData\Local\Temp\HiperInstalador\Hiper.Setup.Core.exe c:\users\user\downloads\
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 736
Show More
(NULL) C:\Users\Cpxmhpln\AppData\Local\Temp\HiperInstalador\Hiper.Setup.Core.exe c:\users\user\downloads\
(NULL) C:\Users\Udgadblv\AppData\Local\Temp\HiperInstalador\Hiper.Setup.Core.exe c:\users\user\downloads\

Trending

Most Viewed

Loading...