Backdoor.Agent.RC2Gen
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 15,196 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 1,806 |
| First Seen: | August 15, 2012 |
| Last Seen: | February 2, 2026 |
| OS(es) Affected: | Windows |
Backdoor.Agent.RC2Gen is a dangerous backdoor Trojan that lawbreakers can use to obtain unauthorized access to a computer. These kinds of Trojans are typically distributed via malicious email attachments and embedded links leading to attack websites. Like most Trojans, Backdoor.Agent.RC2Gen usually needs the victims themselves to download and install this threat, which is usually disguised as a harmless file. One of the main dangers of a Backdoor.Agent.RC2Gen infection is that Backdoor.Agent.RC2Gen exhibits no symptoms. Because of this, Backdoor.Agent.RC2Gen may remain on an infected computer for a long time before the victim notices there is a problem. To make sure that you can stop a Backdoor.Agent.RC2Gen infection before criminals attack your computer further, ESG security researchers advise keeping your security software constantly updated and running full scans of your computer periodically.
Table of Contents
The Relationship Between Backdoor.Agent.RC2Gen and other Backdoor Trojans
Backdoor.Agent.RC2Gen is referred to as a backdoor Trojan because Backdoor.Agent.RC2Gen establishes an unauthorized opening in the infected computer's security protection. This opening actslike an unlocked, unguarded backdoor. Much like a burglar can gain unauthorized access to a building using this backdoor, a criminal can gain unauthorized access to a computer through this digital backdoor. Criminals can use this advantage to cause destruction on an infected computer. Backdoor.Agent.RC2Gen and other backdoor Trojans can be used to relay information on the infected computer to a third part as well as to steal information from the infected computer. More commonly, a criminal can use Backdoor.Agent.RC2Gen to install other malware on the infected computers. These malware threats can range from scamware and ransomware that try to coerce the victims directly in order to steal their money to other Trojans and rootkits that monitor the infected computer's activity and relay it to a third party.
Preventing a Backdoor.Agent.RC2Gen Infection
There are two things that computer security researchers should do in order to prevent Backdoor.Agent.RC2Gen infections:
- Make sure that your computer is protected with the best anti-malware and firewall available. Also make sure that your security software is updated periodically so that it will remain effective.
- Take extra care when browsing the Internet, especially clicking on unknown links or downloading unknown files. In general, it is recommended to stay away from websites that are unsafe (such as pornographic websites or web pages containing pirated media or software).
Analysis Report
General information
| Family Name: | Trojan.Renamer.D |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
ac672ab2f6765cc8ac330a828da54103
SHA1:
0b82685c52bad8aafec06ffdfafda28b91d7955c
File Size:
844.29 KB, 844288 bytes
|
|
MD5:
030e88808ee2ab534f910ae288af433a
SHA1:
52f91368ffab3093c050fd2becb5702cc075afcf
SHA256:
7E7DDCD7094EA3D1AA7668DF89F76D5A834761CD35B9EA2283240D0ADDC241A8
File Size:
844.29 KB, 844288 bytes
|
|
MD5:
6d82fd9923949900da6a34f8774592d0
SHA1:
d271eb8de690102d3a8edf8acd9617e191181dd2
SHA256:
48B9014E51F31B07DEB1DDAC6D4071BDF97925DED4ABDD4BF1EF92EF49EBFBDE
File Size:
844.29 KB, 844288 bytes
|
|
MD5:
950a808a934c0f0a6c6bf5e9b01ceb1e
SHA1:
8c0856ed369cbfa48826d766349339024bc05343
SHA256:
D399047A7DC49B15832CD7E3EA3A44F201B8C8744ADC804D0CC0B43DD3F417D1
File Size:
844.29 KB, 844288 bytes
|
|
MD5:
63afa479e7788e4f3453c2c5d4be9e15
SHA1:
2486f7980a1abc83304ffd198cd3f4177f20e4a5
SHA256:
FDAD86572C2D63E9FBE96D1C7FC02FA5D5972189068D267D896D90982A4A9F28
File Size:
844.29 KB, 844288 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- 2+ executable sections
- No Version Info
- VirtualQueryEx
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 2,697 |
|---|---|
| Potentially Malicious Blocks: | 28 |
| Whitelisted Blocks: | 2,669 |
| Unknown Blocks: | 0 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Gamehack.BSB
- Qhost.MA
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\appdata\roaming\paint.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data |
