Trojan.Nitol.BE

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Nitol.BE
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: a5c6d07497c14179c5613f6c3fcff382

SHA1: 3d217385352d09ea7e91f6830d6b34ed77408e91

SHA256: E8BA043E63E49E7D41CE2BE7E6C7B017BE7AA93AC07471043EB5A7858B7542BA

File Size: 143.32 KB, 143324 bytes

MD5: ff6c1c3d0bd64e9c6041c1edaeedf5d2

SHA1: 2cfd51c47f0e128cacf61b019a71a75975461b31

SHA256: BF0D704EFD2F5F18BECF8BE5A4C37A56FDA538612CF64D2E9B7358C21F4C4430

File Size: 27.56 KB, 27560 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Company ''Moevot''
File Description	IcoFX 2.10 Rus (x86)
File Version	1.3.0.7100
Internal Name	IcoFX Rus
Legal Copyright	Copyright © 2015 Moevot T.E.A.M
Original Filename	IcoFX.v.2.10.rus.exe
Private Build	13 January, 2015
Product Name	7-Zip SFX
Product Version	1.4.0.3800

File Traits

No Version Info
packed
x86

Block Information

Total Blocks:	32
Potentially Malicious Blocks:	22
Whitelisted Blocks:	10
Unknown Blocks:	0

Visual Map

x x x x x x x 0 x x x x x x x x x x x 0 x x 0 x 0 x 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.BKJ
Agent.KD
Nitol.BE
Startun.B

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x64	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x64\icofx_rus.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x64\icofx_rus.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x86	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x86\icofx_rus.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\icofx.v.2.10_rus_x86\icofx_rus.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pwaa274.tmp\language.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pwaa274.tmp\update.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pwaec2.tmp\language.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pwaec2.tmp\update.ini	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation

Shell Command Execution


							(NULL) IcoFX.v.2.10_rus_x64\IcoFX_rus.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Nitol.BE

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Win32.Autoit.aks

Traffic-media.co

Hacktool.MSIL.TelegramHack.S

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...