
Trojan.KillMBR.XB

By CagedTech in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 17
First Seen: December 2, 2024
Last Seen: June 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.KillMBR.XB
Signature status: No Signature

Known Samples

MD5: 8708ae34abd3f25ea361433ecc007efd
SHA1: f612c9371817d6002b2078de4d8e2978544a6d2e
SHA256: F22D8A2297219101B806CE2F5190A3DA6CBFEFDE233EF3ED3D4FBF7B0F8B1621
File Size: 259.58 KB, 259584 bytes
MD5: 5a987e379ecabe4bc8dbf173b08e8817
SHA1: f65e4c1061c750cb6637aa06ed36f57b813bf24f
SHA256: 8CB0BDB77FA3226FB242BA593C5388D0A62A70D53ABD2A2DA23EDF26825F342F
File Size: 264.70 KB, 264704 bytes
MD5: b8e02395624309192141c7d596785e1d
SHA1: 700a55b92066a9786f1d55f452348232aeca483d
SHA256: 8CFC3DB6483EC68886A82012226A4359706D7332ADF9E41F63742A271AFF2B80
File Size: 2.11 MB, 2110976 bytes
MD5: 0b16c7232f7e4788de203cf333b8168e
SHA1: b36396de66da3c482ab2a94fab425f8ce9f2aa5c
SHA256: 461C26464C028893E8502DB044C554E93E31CAD9B26519DD79427121C910BD74
File Size: 1.71 MB, 1710729 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Comments: This installation was built with Inno Setup.
Company Name: Microsoft Corporation
File Description: Scripted Diagnostics Native Host Setup
Product Name: Scripted Diagnostics Native Host
Product Version: 10.0.14393.0 (rs1_release.160715-1616)

File Traits

  • dll
  • fptable
  • HighEntropy
  • No Version Info
  • x86

Block Information

Similar Families

  • Chapak.HBK
  • Trojan.Agent.Gen.GS
  • Trojan.Kryptik.Gen.BQN

Files Modified

File Attributes
c:\users\user\appdata\local\is-cnbel.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ddp3d.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-r50c6.tmp\b36396de66da3c482ab2a94fab425f8ce9f2aa5c_0001710729.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\« Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\« Generic Write,Read Attributes
c:\users\user\appdata\local\temp\« Generic Write,Read Attributes,Delete,LEFT 262144
c:\users\user\appdata\local\temp\« Generic Write,Read Attributes,LEFT 262144
c:\users\user\appdata\local\temp\« Generic Write,Read Data,Read Attributes
c:\users\user\appdata\local\temp\« Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
c:\users\user\appdata\local\temp\« Generic Write,Read Data,Read Attributes,LEFT 262144

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary value, not printable in this extraction) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary value, not printable in this extraction) | RegNtPreCreateKey
HKCU\software\microsoft\ctf\msutb::left | (none recorded) | RegNtPreCreateKey
HKCU\software\microsoft\ctf\msutb::top | (none recorded) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary value, not printable in this extraction) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary value, not printable in this extraction) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (binary value, not printable in this extraction) | RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState

Shell Command Execution

"C:\Users\Veaoudbd\AppData\Local\Temp\is-R50C6.tmp\b36396de66da3c482ab2a94fab425f8ce9f2aa5c_0001710729.tmp" /SL5="$A0456,1015740,721408,c:\users\user\downloads\b36396de66da3c482ab2a94fab425f8ce9f2aa5c_0001710729"
