Trojan.MSIL.Stealer.BDK

By CagedTech in Stealers, Trojans

Threat Scorecard

Popularity Rank: 16,100
Threat Level: 80 % (High)
Infected Computers: 4
First Seen: January 2, 2024
Last Seen: December 6, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Stealer.BDK
Signature status: No Signature

Known Samples

MD5: 749972846707a0ec09276c2c19cb7932
SHA1: d35480a32bcd4d076dc0d39065d3244168bcc972
SHA256: 9C071FC2EDF16226D93494D7C17FD21B95EE9631AAAE1909670687B202DC4748
File Size: 129.54 KB, 129536 bytes
MD5: 1da1476ba28549e4eca7a9354d385f0c
SHA1: 005d8a606c93a8e30f387bbd47ba700c3037a41e
SHA256: CDE6DFEC04F2D5F040A2DC7F8B5D5E1408666F65C433F71D21540A07402F29C4
File Size: 312.83 KB, 312832 bytes
MD5: 4ddb1f1e91fc31ebedcd843fb7beaf50
SHA1: a75fedf509de9837dc816e5404cb8a00069cea1e
SHA256: 7CBDFED768D5440D757BDB39C1D31030841E48E2CA7977FE359B2B9E09BF0A95
File Size: 320.00 KB, 320000 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 1.2.36.0
  • 1.2.20.0
  • 1.0.0.0
Company Name
  • MAXSUN
File Description
  • CustomWindowsForm
  • MAXSUN
File Version
  • 1.2.36
  • 1.2.20
  • 1.0.0.0
Internal Name
  • CustomWindowsForm.exe
  • MAXSUN_FanControl.exe
Legal Copyright
  • Copyright © 2016
  • Copyright © 2024
Original Filename
  • CustomWindowsForm.exe
  • MAXSUN_FanControl.exe
Product Name
  • CustomWindowsForm
  • FanControl
Product Version
  • 1.2.36
  • 1.2.20
  • 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • x86

Block Information

Total Blocks: 385
Potentially Malicious Blocks: 11
Whitelisted Blocks: 186
Unknown Blocks: 188

Visual Map

[Visual map: one cell per block, marked with the legend below]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
