Trojan.MSIL.Webshell.BV
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 2,702 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 360 |
| First Seen: | October 16, 2024 |
| Last Seen: | April 16, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.MSIL.Webshell.BV |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
5264e91c308f4acd6f2a036238f5731a
SHA1:
ecfbe2a300786abb6a8636c0c51fc31137f0b7d7
SHA256:
B3AC163E7A6B339602C0F90AB147F7251B6F14CC3FF060B7262A929B62CF270F
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
192be2150e45890a87e4ab71785e0beb
SHA1:
46d6450245c760772bd63b1739d36fbed7b3398d
SHA256:
1E37E05A6392DFD6B2EAE365BB22F22A803B1E3F9492F1BBDFC3F9665A8DFE2E
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
a1db2dcfcd169be52e73bff9f8b9de7c
SHA1:
bfca637f84343f282c6ac9dd20f6adef596f81f7
SHA256:
9C654902B1D006465D0C8C0BD7F3EBA3DBFC7FFAB31143F31179D71CBE8B5016
File Size:
117.25 KB, 117248 bytes
|
|
MD5:
1940f722e0cd0e2d6d8f21370b3cf737
SHA1:
174bee2c3b582c0d74374b5d23283d7ebd7ca84c
SHA256:
D54E53B1B001D35EFA1AD56CB05971E3A8807B6A86F5A948132C1A33E116BB74
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
29bb592b90577f42bcd265f84cf0a7a8
SHA1:
5f944c7f8e000f9efb3ab34c162ae1f29fc585c6
SHA256:
D13A123014D3266545274DE89A35086D664967641918DE382A0D5F2605D3A726
File Size:
263.17 KB, 263168 bytes
|
Show More
|
MD5:
15edf6d8f88ebb6727e045ab4e194b0b
SHA1:
82f6429021c2c07c37f87d13defd895705987120
SHA256:
1478AC889F747857CD25A040568F37C755384AE3765B141333389BDF065DEC6A
File Size:
8.19 KB, 8192 bytes
|
|
MD5:
31d43c4e5d4ae9fedea58cf70d700ee7
SHA1:
3049b8b477651dc4ca3db4a3c5a00d1077433bbe
SHA256:
E1C08B1FA5CE0F8E3CCC5ED1D5FC955A4AF7BBFBB1B2A9B6E7559CDF4C568437
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
c3e1d2cfb39d0101e06a50bcb213ebde
SHA1:
10cdab159146d25c8e6d7fd6f1ef24a15122fa9b
SHA256:
417FD72F503DE77AA629DED4C2CCE9986ADA2DD8112B6848C58C189D96E13608
File Size:
16.90 KB, 16896 bytes
|
|
MD5:
98a8a66bb9c7d3efef10447408ba5a76
SHA1:
818be9a0f009297622d0752923efdfde1ce323a1
SHA256:
5F768C9EC3FFD8CA242E2761AFF941E084E576796A55421287EF9201A3806C67
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
883274ccfbafaacb463f48b6503f52a8
SHA1:
fb5857e9670d048633b80f4341c977780e5d55b8
SHA256:
5CE5DC939D0FD99EDA87B40A74A41AADD3834ECB7A3B5B280CCFD0BDBAF04B8A
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
33010443678b8e9f2a2b8b03d7676ff1
SHA1:
a39f06f3fa7001f816715410e72dd5988953f5f2
SHA256:
EBE6AB1CDB93E2DB2E33B32FA83D07CBF60CC534F3D417FE3E350ABEB3EC951E
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
ca37849c907084e4d0af897251f38d51
SHA1:
c73600fb1ab182d81fe27224984a63a5ef9d605f
SHA256:
63ECA1C445C6FE8319C7E6A54E7BDC5C934233645D1C26F69F43D82D02E6706A
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
a619ae9e40e16a4e52d2fc8d08d348c0
SHA1:
93e7e82c5a44f7c39e259c70cf63584653f18b08
SHA256:
8FBD27F462288A92D17C28E2A3A6D344BA8F9488A3BACA8F6D8814DE4A4CCC71
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
dd44eff1f58322d3fcd255d895b79a73
SHA1:
2a9f8eebb6c810b875355ed2a35040af5f2c8055
SHA256:
DD325AD7F2706A996EAAB9A769D7506957137136B61AAFC49FC619F3B9863CD1
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
0df0968f5561fb95ecc525d897d138bb
SHA1:
a7457a894846888ee57aefbf555552b7d7298554
SHA256:
1CCF8C6B247E31D0B91EE66D4A49B9E5AE44B17C6F69C55F0D6A03E5707F2076
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
448141c3cef9c0d7f2942df9aa9955f8
SHA1:
1405f5b18c3617bb73e0ff9e74d487823f9dd705
SHA256:
B53A82808A763B066A042555AF382EF2D9FF0404B306957B61C2233BEA5D2715
File Size:
87.04 KB, 87040 bytes
|
|
MD5:
8a600b974d598dbeabf8e1e6c0caa558
SHA1:
be033e7bcb7eba9f22b816768342dbba1db2f6de
SHA256:
A77F1035AAC03A9366461117532ABFAE9F6B69CDC3F89E3978227C34E319F2B5
File Size:
10.24 KB, 10240 bytes
|
|
MD5:
6d58e7feee1b9a14b896fd13be48a33d
SHA1:
126f65d6d4555a3ffe47215e4f5c1219888d15ec
SHA256:
81A4A0383BA2E66C03FF503E6FCA3E1F2D46A5BE91119E7CB0D4E4C5A080B938
File Size:
208.90 KB, 208896 bytes
|
|
MD5:
bb6494ac89179fd310fc163e30b887da
SHA1:
e6690c8ac88d93ae7a90068d39ac0527081e1e34
SHA256:
1D5DC15BE2CA4F616C29F9B19AAF8FB0144C6F3884B7DF29B766E17A2EC62F65
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
6ba9c106bd4aa4281d55f97954c30194
SHA1:
6e977c4491e497fd9bd984284872aa5e154ce514
SHA256:
BC5A7053F285FD8832125C98CD43C220D11B4946622FDCE6ABA6DB7E68BBDEA8
File Size:
44.54 KB, 44544 bytes
|
|
MD5:
bf6ee3369db5ee983b2a61d490092d77
SHA1:
88fdf4a57d46937cddaaae7df3b9922b3ca5580f
SHA256:
8B78FC2434DF3813F9128A57223CD9FBCFE939D54F544E9BAB1E49CC872FA15D
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
5553d22953dc87c989159f60d022347b
SHA1:
53b793ec17c42129940fd97a89a23bafb4cdb73d
SHA256:
613D82D731D64AFEAB84C689C6BF59C9E51021450D79A93147A1863039891B36
File Size:
151.55 KB, 151552 bytes
|
|
MD5:
9db2448d66f6b710dd599d3dc748a854
SHA1:
c0941055dc345297e6de0903677b4db50c62f185
SHA256:
01BCD260E5DCD95410C0C7735B9D72D88E21873CA6DB2753F5B25F7B94F96FFD
File Size:
133.12 KB, 133120 bytes
|
|
MD5:
ecaccc5fce60033efb49ba0032180066
SHA1:
eabdd70f410ec2659fffdb0bf1fbfea82cd7d4ba
SHA256:
2FA1C28ED8B4FAFAEDA354451F8E5922C39A97470AC4F1F91D2926254EDB3A62
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
476fe0a378d6961b88b34e94b73ff46a
SHA1:
e3a881cbebc238b32a5f229c4c90cf6f453f42de
SHA256:
CF754705300B54384A2626945CB54EE2589DA5430F4ECBB7D8B68984ED58D713
File Size:
257.54 KB, 257536 bytes
|
|
MD5:
48eb7f64b43c1ad1877bdeedf2287cef
SHA1:
a095cd59d2695c0e77a8ff353532af8264f30a22
SHA256:
6D54A6CAF7E651E74F91720C7D01223EFF42B3B8E88DC2333412796DC6DFF99C
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
b5168fa740f4a0602c94cdaea3afe0a9
SHA1:
f28b52720002df1118c2a0c6e12064b78c5aecb2
SHA256:
1D67C10AB6034D9BA886D212C0D1A499660DBAAFF722B7B3290402D3F08A0865
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
2b0ca5a73eca95eb019afc2c573e0fed
SHA1:
dd3f61ffafc9a2c1aaee7f46de085d09c2fdfa79
SHA256:
00651CF8D1D83E149AA313980EF0F3EE28BD682528CBE3C1E7DE1C786D93182D
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
72b4daa1a5ac00aef46f0383ad9f3e1f
SHA1:
7d482204f63348b063e974cee55634f1290fe927
SHA256:
1B724027108E60583DC06F7D61D1FFE204DBC06B22CCEA1B0CE9FF3B7FE5760D
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
09d8c46ae886ddddcd0ca12045b59805
SHA1:
2dc03f3b970c2dd985d334535d4beda37501ab5e
SHA256:
CF71F63C49D1E947573CC4B0F306DD3F00EE7CCECB96343CF2D0EFF929F15B71
File Size:
258.56 KB, 258560 bytes
|
|
MD5:
2b4740399ab50a0a46ec05aba1caa9b6
SHA1:
53b665aeee450cf8f4b1f203b50c41e29d049265
SHA256:
6E59E9EE64FE4A169BD0C415226B2DF824FF7C4EB99F9CDFEC2B7F1988F4E81B
File Size:
13.31 KB, 13312 bytes
|
|
MD5:
cf19d52a1d7075097d1745e4b824308b
SHA1:
5c110e9248acbd18fdc7373218bf9c5426e66b29
SHA256:
5606F8FA4A9109BB98D29DA58C684A8D50D672716158A03398DA9260D05487B3
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
262644f29e36b451e7089870790eca6a
SHA1:
aa39451bf81e3317efffc084cc8557cb5f0cb22c
SHA256:
E1BDB7F350A655ACCFAF7007668A0030FAE1880F44BE2D9E58F5966DC8201625
File Size:
53.25 KB, 53248 bytes
|
|
MD5:
64a4844e091493dc5e596ef88c525d82
SHA1:
447db80b33afe195fbc28e3bd9febd5183bf8fea
SHA256:
04BF95FD8BE1BC717D69445B310F35027FEBC8E08682D147D1F42102CA445D16
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
094dfeb4380296815e5c6f8f7bd071d4
SHA1:
c477c0450dcf2a18708578ee19f49a5e4d4bb140
SHA256:
A4710409AB7E1FF1C30F7451E22E742113D1F4313CC5AD49059A203C873F4AC6
File Size:
6.66 KB, 6656 bytes
|
|
MD5:
4e53e0f203eb117e0ae503601a950aa9
SHA1:
4ba9757ecafad7f0ba75315f655d78eeea211aa4
SHA256:
07DE8765E164ED76DDA289B439BC0D5ADDA1C7A95E282253D419F11EEE4711C0
File Size:
8.19 KB, 8192 bytes
|
|
MD5:
35e789244e2ee8aceb097c38eab8e18f
SHA1:
b1a1c475a7d921a2d2caf901fe050596218a2799
SHA256:
0E715471091734853F091A9519D1AFD71FEF1EE03B417841ADE88127548967E2
File Size:
6.14 KB, 6144 bytes
|
|
MD5:
46327d5cda56cca969332e135494e66c
SHA1:
ac017930bd39188c62364551efc5fdea87267456
SHA256:
35931E62A438D387207C1E0C158C3855561A2BE9E2D741522451A532450EFCEA
File Size:
36.86 KB, 36864 bytes
|
|
MD5:
584edf9902d36342edbc4d322f6a6a8a
SHA1:
4633dabae4d026d8a03acf203b407c599f98c422
SHA256:
A27F21F23AD0ED4BE7B6285BD419A4714F0FCFEB0005B7BB4C362F817E86EAFE
File Size:
47.62 KB, 47616 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name |
Show More
|
| Original Filename |
Show More
|
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 44 |
|---|---|
| Potentially Malicious Blocks: | 28 |
| Whitelisted Blocks: | 15 |
| Unknown Blocks: | 1 |
Visual Map
x
0
0
x
x
x
x
x
?
x
x
0
0
x
0
0
x
x
x
x
x
x
x
x
x
x
0
0
x
0
0
x
x
x
x
x
x
x
x
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.Agent.ASF
- MSIL.Webshell.AA
- MSIL.Webshell.BD
- MSIL.Webshell.BT
- MSIL.Webshell.BV
Show More
- MSIL.Webshell.CB
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
