
Trojan.Ulise.AJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 23,644
Threat Level: 80 % (High)
Infected Computers: 1
First Seen: September 16, 2021
Last Seen: November 26, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Ulise.AJ
Packers: UPX x64
Signature status: No Signature

Known Samples

MD5: 889206fb0b9c9471fc03ffcec7913577
SHA1: 80ab2dc6d33c9f9b2140312d4fdf65ee3aee083e
SHA256: A6DB3CD3CAA9C483EB8FB910D7E6D2513C84523B8170DAE17E5E4933ED736AA8
File Size: 46.94 KB, 46936 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Company Name: Microsoft Corporation
File Description: Microsoft Windows Spooler
File Version: 4.0.0.0
Internal Name: Server
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: Server.exe
Product Version: 4.0.0

File Traits

  • packed
  • x64
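The attribute list, the "No Signature" status and the Microsoft version strings above can be checked mechanically rather than read off a report. The block below is an added example, not the report's own tooling: a header-only PE parser that derives the listed attributes from the COFF header, optional header and data directories, compares a file's hashes with the sample's IOCs, and flags the combination this report shows (a Microsoft CompanyName with no certificate table, UPX section names, an export table on an EXE, a TLS directory). `build_sample_pe` constructs a header-only PE32+ image so the block runs offline; it is not the real sample, and the VERSIONINFO strings are passed in as a dict rather than parsed from the resource section. The UPX check by section name is a heuristic, not a packer identifier.

```python
import hashlib
import struct

# Flag values and data-directory indices from the PE/COFF specification.
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
DIR = {"export": 0, "security": 4, "basereloc": 5, "debug": 6, "tls": 9, "clr": 14}

# Hashes of the known sample as listed in the report (SHA256 lower-cased for comparison).
KNOWN_SAMPLE = {
    "md5": "889206fb0b9c9471fc03ffcec7913577",
    "sha1": "80ab2dc6d33c9f9b2140312d4fdf65ee3aee083e",
    "sha256": "a6db3cd3caa9c483eb8fb910d7e6d2513c84523b8170dae17e5e4933ed736aa8",
}


def matches_known_sample(data: bytes):
    """Return the hash algorithm under which `data` matches the report's IOCs, else None."""
    for algo, expected in KNOWN_SAMPLE.items():
        if hashlib.new(algo, data).hexdigest() == expected:
            return algo
    return None


def pe_attributes(data: bytes) -> dict:
    """Derive the header-level attributes the report lists from a raw PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B       # PE32+ magic
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]       # same offset in PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, opt + (108 if is64 else 92))[0]
    dd = opt + (112 if is64 else 96)                              # first data directory entry

    def has_dir(idx: int) -> bool:
        if idx >= n_dirs:
            return False
        rva, size = struct.unpack_from("<II", data, dd + 8 * idx)
        return rva != 0 and size != 0

    sec = opt + opt_size                                          # section table follows the optional header
    names = [data[sec + 40 * i:sec + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsec)]
    return {
        "x64": is64 and machine == IMAGE_FILE_MACHINE_AMD64,
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "dll": bool(chars & IMAGE_FILE_DLL),
        "gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],       # Rich header lives in the DOS stub
        "has_exports": has_dir(DIR["export"]),
        "has_security_dir": has_dir(DIR["security"]),             # Authenticode certificate table
        "has_relocations": has_dir(DIR["basereloc"]),
        "has_debug_info": has_dir(DIR["debug"]),
        "has_tls": has_dir(DIR["tls"]),
        "is_dotnet": has_dir(DIR["clr"]),
        "upx_sections": any(n.startswith("UPX") for n in names),  # heuristic only
    }


def triage(attrs: dict, version_info: dict) -> list:
    """Combine header attributes with VERSIONINFO strings into analyst findings."""
    findings = []
    if "microsoft" in version_info.get("CompanyName", "").lower() and not attrs["has_security_dir"]:
        findings.append("claims Microsoft Corporation but has no Authenticode certificate table")
    if attrs["upx_sections"]:
        findings.append("UPX section names present: packed, unpack before static analysis")
    if attrs["executable_image"] and not attrs["dll"] and attrs["has_exports"]:
        findings.append("EXE carries an export table, unusual for a plain application")
    if attrs["has_tls"]:
        findings.append("TLS directory present: TLS callbacks run before the entry point, inspect them")
    return findings


def build_sample_pe(*, dll=False, dirs=(), sections=("UPX0", "UPX1"), rich=False) -> bytes:
    """Constructed header-only PE32+ image for a self-contained run; NOT the report's sample."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x70:0x78] = b"Rich\x11\x22\x33\x44"                 # marker plus placeholder XOR key
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, 240, chars)
    opt = bytearray(240)                                         # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 108, 16)
    for name in dirs:                                            # give chosen directories a non-zero RVA/size
        struct.pack_into("<II", opt, 112 + 8 * DIR[name], 0x1000, 0x40)
    table = b"".join(n.encode().ljust(8, b"\0") +
                     struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
                     for i, n in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    sample = build_sample_pe(dirs=("export", "tls"))
    attrs = pe_attributes(sample)
    print(attrs)
    print(triage(attrs, {"CompanyName": "Microsoft Corporation", "OriginalFilename": "Server.exe"}))
    print("IOC match:", matches_known_sample(sample))
```

On a real file, `pe_attributes(open(path, "rb").read())` reproduces the attribute list above; the constructed sample reproduces the report's profile (x64 GUI EXE, exports and TLS present, no certificate table, no relocations, no debug directory, UPX section names, no Rich header), and a second image built with `dirs=("security",)` and `rich=True` shows what a normally built, signed Microsoft binary looks like to the same checks.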

Block Information

Total Blocks: 441
Potentially Malicious Blocks: 62
Whitelisted Blocks: 379
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 1 0 x 0 0 0 0 1 x 0 0 0 0 0 1 x 0 0 1 0 x 0 0 0 0 0 1 x 0 0 0 0 x 0 0 1 x 0 1 x 0 1 x 0 0 0 0 x x 0 0 1 0 x 0 1 x x x 0 1 x x 0 0 0 x x x x x x 0 x 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x x x 0 0 0 x 0 x 0 x 0 x 0 x x 0 x x 0 x 0 x 0 x 0 1 0 x x x x x x x 0 x 0 0 0 0 0 x x x 0 0 x 0 x 0 x 0 0 x 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Ulise.AJ
  • Vemptik.A

Files Modified

File    Access requested
c:\autorun.inf Generic Write,Read Attributes
c:\recycle.bin Synchronize,Write Attributes
c:\recycle.bin\rundll32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\recycle.bin\rundll32.exe Generic Write,Read Attributes
c:\recycle.bin\rundll32.exe Generic Write,Read Attributes,Delete,LEFT 262144
c:\recycle.bin\rundll32.exe Generic Write,Read Attributes,LEFT 262144
c:\recycle.bin\rundll32.exe Generic Write,Read Data,Read Attributes
c:\recycle.bin\rundll32.exe Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
c:\recycle.bin\rundll32.exe Generic Write,Read Data,Read Attributes,LEFT 262144
c:\recycle.bin\rundll32.exe Synchronize,Write Attributes
c:\users\winlogon.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\winlogon.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\system\currentcontrolset\control\terminal server::fdenytsconnections RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::explorer C:\Users\winlogon.exe RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
User Data Access
  • GetUserName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Service Control
  • OpenSCManager
  • OpenService
  • StartService
Network Winsock2
  • WSASocket
  • WSAStartup
Network Winsock
  • bind

Shell Command Execution

C:\Users\winlogon.exe
open net.exe user Wbcetesj Arashjeyjey
