Trojan.MSIL.Stealer.CCL

By CagedTech in Stealers, Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Stealer.CCL
Signature status:	No Signature

Known Samples

MD5: a1b6105739c58073918d3f559ff88a96

SHA1: 04defa51c107053f482d3ba0b6fc9d73e5226537

SHA256: A39B7DED7C3DF0FEE89B50673407CAFAE85883839977B7FD2CF0AD1339AFE2F7

File Size: 585.22 KB, 585216 bytes

MD5: 54000fa1aefc965e93dcf814c620c303

SHA1: 629ca0c6f3a4dae1df3b10da93896a381d50da77

SHA256: 7D79B160AEFE7B62014C43EC0EBB4674B3BBDFEA585E7FE3F7E0B9228238CF65

File Size: 585.73 KB, 585728 bytes

MD5: a4e498ab4f71af7c0708b4fab2f6670c

SHA1: 16cec88c7e314cfca4760f49ae6f6fa3f04ed0e6

SHA256: C62B3FECA68E8754DA3954701825D827AF0250F88EE50FFC274B4A913C3B2AEE

File Size: 692.74 KB, 692736 bytes

MD5: 2a01552f7b2901d4dfc7a0887a71d8a6

SHA1: f8eb34327d516d9869e5cdc8d6a29eb36755df99

SHA256: CC1795E94B7A592F90C07F15E9D99E7CE26FBF8CFDA04CBC1C89FD9CBB1E79C2

File Size: 693.76 KB, 693760 bytes

MD5: e076afcbaddd3a84bc4e67c257da24e0

SHA1: 05343d355261bafb6538f31fdb9cc0a3b5f581f7

SHA256: C74501164963D082EDC57D371561EFE46B77C3AEA0DBDB6B1B83EC6006C3BB78

File Size: 677.89 KB, 677888 bytes

MD5: cb70bb36a965e00f70cded8d2433a0ed

SHA1: 5f32020d8090287f3a29d550b281c055d39b943e

SHA256: 52DAED2C662738D939940A3113115E04C40452771C11CBE5C60AFFFA5FD15787

File Size: 326.66 KB, 326656 bytes

MD5: a092a0e98a30ad47155fcc77d4d57a1c

SHA1: 5b4bc2ca626386aa31d94eadeaadc49ab33ad3f5

SHA256: DA203CD0D0E9667443FF6B599E61271F6DBA891A4734DD1723AC2125B20EB1F9

File Size: 677.89 KB, 677888 bytes

MD5: f91b83db5af8159ad7abd21c551ecae6

SHA1: 881ae6f9a42ed4d0a8fa82119e743fcf4fc6238c

SHA256: 8221DAD2D648F49F5CD55A345C809FD7308E947046E690D34C0BD21DEBF5A8FA

File Size: 678.91 KB, 678912 bytes

MD5: 1424dc42804aad0e116db05c3c7d4c82

SHA1: e083ecc6076dedcf86df29f6f51aee747e1491d0

SHA256: 6BE324741F9183C744C4143227B64FCA5A5C74AA4937483AFCEF8E5AB9F9267D

File Size: 677.38 KB, 677376 bytes

MD5: 31153a8920555caef1a1bfd47ff4c1e3

SHA1: b124dc05f34f89e0c63e34cb0f554228f15d92dd

SHA256: 44304D4000E580524AFF6E4C0E8AE9F4D403C45917363894337F7EBE2C20A4BC

File Size: 677.38 KB, 677376 bytes

MD5: c1ef3b766f44b0ce7c30a42d2501000d

SHA1: b4ba5ae391ee896c674be3c2e6e29eab4368e038

SHA256: 2AB142A0661D48F93300F4317641141FC183DA6652EEAC7259A307971451FA1D

File Size: 747.52 KB, 747520 bytes

MD5: 1e960924c8ae6014ed70d31d5361bee2

SHA1: 63b904a265156c1bd65cb119911ec103ee68ea40

SHA256: 7AC7FBEDA501D855220677E0354CB63798400D3A010256011063AF63EECC09EB

File Size: 676.35 KB, 676352 bytes

MD5: 431b9a46134dd8f6326f4fbed18bb54e

SHA1: c6a9006e1a1342e6904760fc232676d1a74157ef

SHA256: 12D7C6555F5C95B43FDCC0089EA5A62A852B39036CD962914462D0FAB7AC4D60

File Size: 679.94 KB, 679936 bytes

MD5: 66765ff86f54a6da3e04ed04d33e7e4d

SHA1: bb35d49c134df0f509902baebb91e9ee368d8b2a

SHA256: 954612EDC607BA9FE7DEDAE23F10B1A8A6A794CC25BCD1DC6790B1971829C9EC

File Size: 677.89 KB, 677888 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
File Version	1.0.0.0
Internal Name	Cjakwqaqyib.exe Cntkb.exe Gdcsrlpz.exe Hfhccz.exe Jbburmf.exe Kwhpk.exe Pwfnlw.exe Tocqwyu.exe Ukbrm.exe Wjalgmcwabh.exe Show More Xsquotty.exe Yrdbjn.exe Zazcur.exe Zfdwe.exe
Original Filename	Cjakwqaqyib.exe Cntkb.exe Gdcsrlpz.exe Hfhccz.exe Jbburmf.exe Kwhpk.exe Pwfnlw.exe Tocqwyu.exe Ukbrm.exe Wjalgmcwabh.exe Show More Xsquotty.exe Yrdbjn.exe Zazcur.exe Zfdwe.exe
Product Version	1.0.0.0

File Traits

.NET
GenKrypt
HighEntropy
x64
x86

Block Information

Total Blocks:	10
Potentially Malicious Blocks:	4
Whitelisted Blocks:	1
Unknown Blocks:	5

Visual Map

x x ? ? x x ? ? 0 ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\pshost.134151569388416492.2760.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\users\user\appdata\local\temp\__psscriptpolicytest_lwplswrj.p0e.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_pkjirpjw.pjc.psm1	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	촥㽽騤ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent Show More ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResetWriteWatch ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges
Network Winsock2	WSAConnect WSASocket WSAStartup
Network Winsock	closesocket setsockopt
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Process Manipulation Evasion	NtUnmapViewOfSection

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Stealer.CCL

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

VENON Banking Malware

SHub Stealer

Threatcleaner.info

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen