Virus.MSIL.Agent.JP

By CagedTech in Viruses

Threat Scorecard

Popularity Rank:	18,591
Threat Level:	80 % (High)
Infected Computers:	10

First Seen:	July 22, 2024
Last Seen:	September 27, 2025
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Virus.MSIL.Agent.JP
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: d50e28dca446dd95516c71626c3da44e

SHA1: 3b96ad3a1af6609a65c7336d9861f6c58b4bf046

SHA256: 106BF2DC8DAB8CA0B48603028E938C6BC27CB08EBF1F96877CD4DEFB116F33E5

File Size: 3.44 MB, 3442659 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	原创整合By→小鱼儿yr
File Description	小鱼儿yr系统www.yrxitong.com
File Version	1.1
Legal Copyright	©2018-2023 yrxitong.com 版权所有
Product Version	1.1

File Traits

.NET
CreateThread
Installer Version
x86

Files Modified

File	Attributes
\device\namedpipe\pecmd_exec_3735240864	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_462981959	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~3620761739353362040~	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~3620761739353362040~\7z.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~3620761739353362040~\lang\zh-cn.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~3620761739353362040~\lang\zh-tw.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~3620761739353362040~\sg.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\(&x}windows defender\1 síöý¤2á9ý¤ ®.bat	Generic Write,Read Attributes
c:\(&x}windows defender\2 (x}windows defender.exe	Generic Write,Read Attributes
c:\(&x}windows defender\2 (x}windows defender.exe	Synchronize,Write Attributes

c:\(&x}windows defender\defenderremover.exe	Generic Write,Read Attributes
c:\(&x}windows defender\defenderremover.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	癊巖⿝ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	흵巘⿝ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap 64 additional items are not displayed above.
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Terminate	TerminateProcess
Keyboard Access	GetKeyboardState GetKeyState

Shell Command Execution


							cmd.exe /c set


							C:\Users\Ostbtijy\AppData\Local\Temp\~3620761739353362040~\sg.tmp 7zG_exe x "c:\users\user\downloads\3b96ad3a1af6609a65c7336d9861f6c58b4bf046_0003442659" -y -aoa -o"C:\禁用&卸载Windows Defender"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Virus.MSIL.Agent.JP

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

TechBrowser

Sns Ransomware

Acreed Stealer

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen