Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Adload.A

Trojan.MSIL.Adload.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,105
Threat Level: 80 % (High)
Infected Computers: 88
First Seen: August 12, 2024
Last Seen: November 24, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Adload.A
Signature status: Self Signed

Known Samples

MD5: 6b74be474b6a059420a1c2d59a2017a8
SHA1: eadf1736be86725810b38ff9a3c8573110434ef2
SHA256: 3607E732F195DBBDFB971DB158C8046436813EE581327281259FD0850D3DA721
File Size: 632.26 KB, 632264 bytes
MD5: 77533b422b63627b2fbb4abba77bbdeb
SHA1: 94f2dac0c66d1847c4aa9e3640cb58359c464f3a
SHA256: CFD1D2A22A607E444C9A258477CE22140C9F96AE09BBF7CC970420C540A74FE0
File Size: 636.87 KB, 636872 bytes
MD5: 239a1e77170d682217ce78a501598aca
SHA1: 855ac13000f5cfa05868e04c2565cff7d2ca28d8
SHA256: F148E0A3850AE7AB26661400CD78D71EF933D986301C2659B26A9835EB8524AE
File Size: 624.58 KB, 624584 bytes
MD5: c6b3ea89549df84dc8fe60cbb1d7ad0b
SHA1: d1c2d05b1daa81d4e31445f8e637e0155958eabe
SHA256: A3EDA506271E9ACFBE03A8C826191C6A56285354415017A836961D16E17E7720
File Size: 618.95 KB, 618952 bytes
MD5: 19a6eaf01e12f917c1f0270b446b2785
SHA1: 34c893ccc13b96eee48d2073600297bcaf28eb26
SHA256: 03C1B02CE0F3334C06FFF1FBB8AF0ACEA954E5323BF0F7519C5F625DE06ED215
File Size: 255.94 KB, 255944 bytes
Show More
MD5: f27d0c97e72db61d06f9ed861db1ec2a
SHA1: d563d28c6209bbc07bf4ea8fd35a905058653535
SHA256: 3F345A33BE9653F0DC6919746E0F1D047F3492516AF0531EB41C425E94077146
File Size: 67.53 KB, 67528 bytes
MD5: 0552730d51d00ca37d66ba65c642cdc0
SHA1: deb777aa66c93b4cdf67e89d3b2a5beff978e597
SHA256: 7C8A1F57CB9482A9D728F377E1F104D1A4ADAF5F909E22079F48895174A0C219
File Size: 625.61 KB, 625608 bytes
MD5: b1653e58866e3b120721893b556d74f6
SHA1: 79529ded87e2f44b65ad215ad8afaa6531ef1c12
SHA256: 4FCA8793E19061F6FCF7493CBADB9C7734D29E6D126F202DCC2D70FF45AB1575
File Size: 676.30 KB, 676296 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 1.7.0.0
  • 1.6.6.0
  • 1.6.4.0
  • 1.6.3.0
  • 1.6.2.0
  • 1.5.3.0
  • 1.5.0.0
  • 1.0.0.0
Comments
  • Check update for select programs
  • Install any useful software with a single click
Company Name ROSTPAY LTD
File Description
  • installer
  • ZipSoft
  • ZipSoft update checker
File Version
  • 1.7.0.0
  • 1.6.6.0
  • 1.6.4.0
  • 1.6.3.0
  • 1.6.2.0
  • 1.5.3.0
  • 1.5.0.0
  • 1.0.0.0
Internal Name
  • installer.exe
  • ZipSoft.exe
  • ZipSoftUpdateChecker.exe
Legal Copyright
  • Copyright © 2024
  • © ROSTPAY LTD. All rights reserved.
Original Filename
  • installer.exe
  • ZipSoft.exe
  • ZipSoftUpdateChecker.exe
Product Name
  • installer
  • ZipSoft
Product Version
  • 1.7.0.0
  • 1.6.6.0
  • 1.6.4.0
  • 1.6.3.0
  • 1.6.2.0
  • 1.5.3.0
  • 1.5.0.0
  • 1.0.0.0

Digital Signatures

Signer Root Status
ROSTPAY LLC GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed

File Traits

  • .NET
  • HighEntropy
  • Installer Version
  • x86

Block Information

Total Blocks: 567
Potentially Malicious Blocks: 202
Whitelisted Blocks: 350
Unknown Blocks: 15

Visual Map

0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 x x x 0 x 0 0 x x 0 x ? ? x ? x x 0 0 x x x x x x x x x 0 0 0 0 x x x x x 0 0 0 x 0 0 0 0 x x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? 0 0 x x 0 0 x 0 x 0 x 0 x x x 0 0 x 0 0 x 0 0 0 0 0 x x x 0 0 0 0 0 0 ? x ? x 0 x 0 x x ? 0 x 0 0 0 0 0 x x x x x x x x x 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 ? x x ? x x x x x x 0 x 0 0 0 0 0 0 0 0 x x x x x 0 x x x x 0 x 0 0 x x x x x x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 x 0 0 0 0 x x 0 x 0 0 0 x x 0 0 0 x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 x ? ? x 0 0 x x x x 0 x x x x 0 x x 0 x x x 0 x x x x x x x x x x 0 0 x x x 0 0 x x x 0 x x x x x x 0 ? 0 0 x 0 x 0 0 0 0 0 0 0 0 0 x ? ? 0 0 0 0 x 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 x 0 0 0 x x 0 0 x 0 0 0 x x 0 0 x x 0 x x 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 x 0 x 0 x 0 x 0 0 0 x 0 x 0 ? 0 x 0 0 0 x 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Adload.A

Registry Modifications

Key::Value Data API Name
HKCU\software\zipsoft::appid {a30c502e-6976-4743-b2ad-ac60ec003718} RegNtPreCreateKey
HKCU\software\zipsoft::arch 10.0/x64 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Network Winsock2
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Network Winhttp
  • WinHttpOpen

Trending

Most Viewed

Loading...