Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Scar.E

Trojan.Scar.E

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 23,036
Threat Level: 90 % (High)
Infected Computers: 69
First Seen: July 24, 2009
Last Seen: February 2, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Panda Trj/Pintxatore.AB
Fortinet Dial/258
eWido Downloader.Agent.mk
eTrust-Vet Win32/Bomod.A
CAT-QuickHeal TrojanDownloader.Agent.mk
BitDefender Trojan.Downloader.Agent.MK
AVG Downloader.Agent.RT
Authentium W32/Agent.NE
AntiVir TR/Dldr.Agent.MK
Symantec Dialer.DialPlatform
Sunbelt Trojan-Downloader.Agent.BHOmod
Sophos Troj/Ogom-A
Panda Dialer.AVV
Microsoft TrojanDownloader:Win32/Agent.BHOmod
McAfee potentially unwanted program Dialer-258

SpyHunter Detects & Remove Trojan.Scar.E

File System Details

Trojan.Scar.E may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. bhomod00.dll 27ef4a58c715efb8fc10702c48585f07 0
2. BHOmod.dll 53f7d8bd780de508d202185a441ef0c7 0

Analysis Report

General information

Family Name: Trojan.Scar.E
Signature status: No Signature

Known Samples

MD5: df4f82142f3b04ae56992876010e1980
SHA1: 7166dcc183500766f2d1669c505833f6bf2da025
SHA256: 755ACB1FB5A7B4DA141E0DF62E3ABBBD674F87F724731B0F59CCE33DF337B0FD
File Size: 16.38 KB, 16384 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • x86

Block Information

Total Blocks: 37
Potentially Malicious Blocks: 30
Whitelisted Blocks: 7
Unknown Blocks: 0

Visual Map

0 x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x 0 x 2 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Scar.E

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\stddc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\stddc.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\run::{88b5ac7 C:\ProgramData\stddc.exe /r RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 闵ȁ ਪˣ鈯ˣ遙̃豤̃অˣ炑̃龡^濖̃賬̃4獖}偫~엦1਷ˣ邯̃뫯ʃdᵂċᵆċeఆ엦1"¶i ꙥžr֢ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
  • OpenClipboard
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winhttp
  • WinHttpOpen

Trending

Most Viewed

Loading...