Trojan.MSIL.Webshell.BL
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 7,369 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 83 |
| First Seen: | January 2, 2024 |
| Last Seen: | April 22, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.MSIL.Webshell.BL |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | App_Web_g1d3cdad.dll |
| Original Filename | App_Web_g1d3cdad.dll |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 40 |
|---|---|
| Potentially Malicious Blocks: | 14 |
| Whitelisted Blocks: | 19 |
| Unknown Blocks: | 7 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Agent.JKA
- MSIL.Webshell.BB
- MSIL.Webshell.BE
- MSIL.Webshell.BL
- MSIL.Webshell.BW
- MSIL.Webshell.DD
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.

| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |