Trojan.MSIL.Tiny.C

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 16,424
Threat Level: 80 % (High)
Infected Computers: 109
First Seen: January 7, 2013
Last Seen: February 12, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Tiny.C
Signature status: No Signature

Known Samples

MD5: cdee5a7d8ccb1899034ceb49b3385ef7
SHA1: 22a20a92f05aea8c65aa13a3b4fe21a97ff1ffe7
SHA256: ADD7AE796E0B2240F9D7DEA87E2877BE2D88A2E7B3699EE8059442073ED5C464
File Size: 6.66 KB, 6656 bytes
MD5: e23f9cca11ead7dab090eb26f94fe9a3
SHA1: ba9da867c5140ca85c3535f2eb685ef986f8fd2b
SHA256: 52EED9751951DE52A3F1252AF0B7A97DC7E3CA854B31E81CCC5FEFE067DF49D1
File Size: 130.56 KB, 130560 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version:
  • 1.0.0.0
  • 0.0.0.0
File Description: Cliente.TrendReparaCertificado
File Version:
  • 1.0.0.0
  • 0.0.0.0
Internal Name:
  • Cliente.TrendReparaCertificado.exe
  • ok.exe
Legal Copyright: Copyright © 2022
Original Filename:
  • Cliente.TrendReparaCertificado.exe
  • ok.exe
Product Name: Cliente.TrendReparaCertificado
Product Version:
  • 1.0.0.0
  • 0.0.0.0

File Traits

  • .NET
  • .sdata
  • NewLateBinding
  • x86

Block Information

Total Blocks: 263
Potentially Malicious Blocks: 1
Whitelisted Blocks: 48
Unknown Blocks: 214

Files Modified

File Attributes
c:\program files (x86)\harmoniti\politicas\logs\configura-trendreparacert.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\829d9fdd.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\erro.log Generic Write,Read Attributes
vmp-harmoniti01\logs_politica_scripts\configura-trendreparacert.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • CryptAcquireContext
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • inet_addr
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Other Suspicious
  • AdjustTokenPrivileges
