Trojan.MSIL.Webshell.BD
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 2,670 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 841 |
| First Seen: | February 21, 2023 |
| Last Seen: | April 23, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.MSIL.Webshell.BD |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 39 |
|---|---|
| Potentially Malicious Blocks: | 14 |
| Whitelisted Blocks: | 9 |
| Unknown Blocks: | 16 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Webshell.BC
- MSIL.Webshell.BV
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |