Trojan.Starter

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	13,507
Threat Level:	80 % (High)
Infected Computers:	2,649

First Seen:	December 26, 2012
Last Seen:	January 22, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Generic5_c.BUGI
Ikarus	Trojan.Msil
Kaspersky	Trojan.MSIL.Inject.ahr
AVG	Generic30.CJIY
AhnLab-V3	Packed/Win32.Krap
Sophos	Mal/Steppa-A
AntiVir	TR/Spy.Ursnif.179
AhnLab-V3	Backdoor/Win32.ZAccess
Sophos	Mal/EncPk-ACO
Fortinet	Riskware/MultiPlug
Sophos	CNav
Avast	Win32:MultiPlug-K [PUP]
F-Prot	W32/Multiplug.A
K7AntiVirus	Adware
McAfee	Artemis!745397064717

SpyHunter Detects & Remove Trojan.Starter

File System Details

Trojan.Starter may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	audiodg.exe	737d1b59bc543833a30a4c6a4ccab6cb	623
Name: audiodg.exe MD5: 737d1b59bc543833a30a4c6a4ccab6cb Size: 1.17 MB (1173583 bytes) Detections: 623 Type: Executable File Path: %PROGRAMFILES%\MicrosoftCommon Group: Malware file Last Updated: August 5, 2016
2.	launch.exe	0e49c3f8d4b33e9afc98ab7b3ff207fc	137
Name: launch.exe MD5: 0e49c3f8d4b33e9afc98ab7b3ff207fc Size: 10.24 KB (10240 bytes) Detections: 137 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: July 29, 2016
3.	n.	5ff69a2f1d69a4cf760260dea0772d59	22
Name: n. MD5: 5ff69a2f1d69a4cf760260dea0772d59 Size: 60.92 KB (60928 bytes) Detections: 22 Path: %SystemDrive%\RECYCLER\S-1-5-21-2267124592-2548876506-1822121988-500\$a61c43844b1bc5e39b72432886d8f65c Group: Malware file Last Updated: January 5, 2013
4.	audiodgi.exe	e182d0f5381bd9dd6143fc43f3bca08c	19
Name: audiodgi.exe MD5: e182d0f5381bd9dd6143fc43f3bca08c Size: 8.7 KB (8704 bytes) Detections: 19 Type: Executable File Path: %TEMP%\Credentials Group: Malware file Last Updated: August 25, 2017
5.	mpk.exe	9789380e39d6ccf793db32decd365227	15
Name: mpk.exe MD5: 9789380e39d6ccf793db32decd365227 Size: 1.36 MB (1360152 bytes) Detections: 15 Type: Executable File Path: C:\windows\SysWOW64\MPK\mpk.exe Group: Malware file Last Updated: October 8, 2021
6.	spoolsc.exe	dd5bc40b3f34cc4732d67a20533884d3	8
Name: spoolsc.exe MD5: dd5bc40b3f34cc4732d67a20533884d3 Size: 8.7 KB (8704 bytes) Detections: 8 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: February 1, 2017
7.	d3dref9.exe	f19c8650145fb327f010c4a184ea925e	4
Name: d3dref9.exe MD5: f19c8650145fb327f010c4a184ea925e Size: 6.14 KB (6144 bytes) Detections: 4 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: March 21, 2013
8.	networkexplorer.exe	9437f7802453dfd98ff34779027ad4ea	3
Name: networkexplorer.exe MD5: 9437f7802453dfd98ff34779027ad4ea Size: 6.65 KB (6656 bytes) Detections: 3 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: December 26, 2012
9.	_prog.exe	484484a0bfb2b0c22102b51fb369a605	2
Name: _prog.exe MD5: 484484a0bfb2b0c22102b51fb369a605 Size: 5.6 MB (5604352 bytes) Detections: 2 Type: Executable File Path: C:\Archiv\Input-Programme\Perfect-Keyboard\(____) (23089_33824) - _Pitrinec Perfect (dArKwOLf\CRACK\_prog.exe Group: Malware file Last Updated: December 1, 2025
10.	usjgykyy.dll	c13b4bf1ccb3b3bfa363b30f9bf5c288	2
Name: usjgykyy.dll MD5: c13b4bf1ccb3b3bfa363b30f9bf5c288 Size: 326.65 KB (326656 bytes) Detections: 2 Type: Dynamic link library Path: %USERPROFILE%\Local Settings\Application Data\NCH Software Group: Malware file Last Updated: December 27, 2012
11.	usbnaw32.dll	dcddfccb55c670100212124c341fda52	1
Name: usbnaw32.dll MD5: dcddfccb55c670100212124c341fda52 Size: 156.67 KB (156672 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: December 27, 2012
12.	InfDions.dll	c31771c8827f120245f7aadce8712c58	1
Name: InfDions.dll MD5: c31771c8827f120245f7aadce8712c58 Size: 62.46 KB (62464 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR% Group: Malware file Last Updated: December 27, 2012

More files

Registry Details

Trojan.Starter may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\Microsoft assistencia e servicos do windows.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Servico de assistencia da microsoft.exe

%APPDATA%\sqlwriter32.exe

Analysis Report

General information

Family Name:	Trojan.Starter
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: 10e0616ea0357f6c8b6054b8dbbda3df

SHA1: 1fb242bfa481798b0468c35aa8b0f15423b768e3

SHA256: D8AFD14F6B9FBE489F9C77727E0443583E3D7C8729761DD7B019B928FDF6169D

File Size: 455.17 KB, 455168 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is Native application (NOT .NET application)

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

2+ executable sections
No Version Info
packed
x86

Block Information

Total Blocks:	164
Potentially Malicious Blocks:	0
Whitelisted Blocks:	164
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

HackKMS.TC
Lamer.CA
Lamer.CB
Lamer.E
St0rm.A

Wpakill.A

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\c44f.tmp\dropc.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey

HKCU\software\microsoft\edge\elfbeacon::version	144.0.3719.82	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeleteValueKey Show More ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetValueKey ntdll.dll!NtTestAlert ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWriteFile UNKNOWN

Shell Command Execution


							"\C44F.tmp\dropc.bat"


							"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://www.firetecnology.com/

Trojan.Starter

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan.Starter

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed