Trojan.MSIL.Webshell.BC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,777
Threat Level: 80 % (High)
Infected Computers: 139
First Seen: February 8, 2023
Last Seen: March 27, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Webshell.BC
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • .NET
  • dll
  • x86

Block Information

Total Blocks: 491
Potentially Malicious Blocks: 251
Whitelisted Blocks: 61
Unknown Blocks: 179

Windows API Usage

Category: Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAncestor
  • win32u.dll!NtUserGetClassInfoEx
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadDesktop
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserGetWindowCompositionAttribute
  • win32u.dll!NtUserIsNonClientDpiScalingEnabled
  • win32u.dll!NtUserIsTopLevelWindow
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterClassExWOW
  • win32u.dll!NtUserRegisterWindowMessage
  • win32u.dll!NtUserReleaseDC
  • win32u.dll!NtUserRemoveProp
  • win32u.dll!NtUserSelectPalette
  • win32u.dll!NtUserSetCursorIconData
  • win32u.dll!NtUserSetWindowFNID
  • win32u.dll!NtUserSetWindowLongPtr
  • win32u.dll!NtUserSetWindowPos
  • win32u.dll!NtUserUpdateInputContext
