Trojan.GenCBL.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,303
Threat Level: 80 % (High)
Infected Computers: 376
First Seen: November 9, 2021
Last Seen: June 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.GenCBL.A
Signature status: Hash Mismatch

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer | Root | Status
OpenVPN Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Hugh Bailey | DigiCert Trusted Root G4 | Hash Mismatch

File Traits

  • dll
  • fptable
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,565
Potentially Malicious Blocks: 337
Whitelisted Blocks: 1,176
Unknown Blocks: 52

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\btbfwbjkrkcooijeg.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\fbbuwuucbindzfirmluyujt_fqrrjjzihjqurooxmjmojas.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\haoqgmkoutzdsxtctivtbiuzke.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\hiuygehpsutiwgdhmicroemp.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\hmolmdlihrzpfoqwgf_qofjqscwcunzpt.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\ijvuohhsvocelyefsqmqr_rqmshuuozkynrxbtqaauu.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\lscgujilvkzefejqvcrxc_cjrxwshwrbkkjiafestwucy.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\naclhrqqcvzqtfbrmsj.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nithcvwpsokntyefmqlmr.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\ohpmmrlqkqlavxetmkbh.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\test_11537.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\test_9614.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\uezvmlomsnkljcxlmezk_zissjjhjglhkee.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\uuebnoijkxhidlpe_ntuhqgdflrthkiqttzpxqop.txt | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\xfyioxchzigkevjnwaq.txt | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\bpqggszqnktphbvapmotzl::wbmvombgtsgzlswtgjzy | byoxDWkUglrjoEhY | RegNtPreCreateKey
HKCU\software\eqlqfhmampqiargpp::dsjvis | | RegNtPreCreateKey
HKCU\software\ncxhhleigzxdaofxpog::dsjvis | | RegNtPreCreateKey
HKCU\software\vfsrhhmltgsmmtpvnnjzxm::dsjvis | | RegNtPreCreateKey
HKCU\software\amtghlpjqqqennqqafa::dsjvis | | RegNtPreCreateKey
HKCU\software\dbuvpqdakcbiyqiisfdzklhtii::dsjvis | | RegNtPreCreateKey
HKCU\software\lzgvpbstqbkayszvhjplabix::dsjvis | | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Encryption Used
  • BCryptOpenAlgorithmProvider
