Backdoor.Agent.DEAB
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 3,589 |
|---|---|
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 205 |
| First Seen: | October 16, 2024 |
| Last Seen: | April 19, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Backdoor.Agent.DEAB |
|---|---|
| Signature status: | Hash Mismatch |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 610eba23f7de9cd3cb901b0f5bb2eddd | 7ecd3438292a2395055ef6a9d0c3fddd6739e852 | | 3.37 MB, 3368208 bytes |
| cb750dd6759d5f992af1e2426a4c64c1 | f8234fe3cb152e474ed181895b1606e414dc06b8 | B123175D9B161FFEC0F13F633DD240405BB86A3A09C78E84289B959562892826 | 2.66 MB, 2655744 bytes |
| 857ca1695bba5e7bf19c76fb1a90ef99 | 5071165c33f17f79a63accb7e7a0a027af64d425 | 6F3BA830B25AE1B9083B3E543AF1AA41EA85F4D544E08E052B87BB22D176F314 | 2.86 MB, 2860032 bytes |
| 88abeb16603a5085a44395496534edbb | 04bbab6c9ab16ebe0578d332c03aae8d871f9725 | A7B40CD43C8D9AA6619F808DAE6C92282810AFAAAF2476FB3B3FBFE687E2385F | 2.67 MB, 2673104 bytes |
| f2f03c7fea44dfa7f7f0973e49c6cf2d | af85be5191cfeb6f971d2499d435ba5df3ae46a4 | 27F77BDB4A617C5D110A22E4206C073F8C8512CEFB84B3805D4B16907A509AB5 | 2.66 MB, 2658816 bytes |
| 904e824c0f2538d4c239aef891202342 | f6bb6369a11520e0bcc8ff260b4032ccc6bda9e4 | 59E2A58B4D937AB86C9A5E2656E98BCFED0C065950A52319565F63D788288A51 | 3.02 MB, 3019776 bytes |
| 84024b819dc53969ed871c9ca8c6cdd9 | b6a37f37bf9e0358ab169484b7f6a9428353f42e | 62278E95C15F64BC2B22E6667A5C413D40EDA16F2FE161EADD29B48AF20A5C26 | 2.68 MB, 2678744 bytes |
| 3e3132222e4e2bf9b9a51a0ae54aed35 | b2e74688f1bcd50117de8d23db4840627f9609d0 | D0A4171468EE4F12D0FAB6428E0F850A3F77AF6DDD10843DCE593A79DB4BCDF1 | 2.87 MB, 2871808 bytes |
| 8fd3dfda7c3568a7e7dedce7e716f75e | ddf7ac622b0743eef2c6bd25d8cb0fdf4d55c456 | 78AF330887770EA0EF4C274823AC16B9FCC185F23146C79F2BB683F95D3708E9 | 2.70 MB, 2700744 bytes |
| 148d91783505a74bc32470efe1efd386 | d714785e4a331afc6e1dae3c1f6b83afc7e4c2a4 | 213E1C6F0E6E6A2A42A54776D52446EDE9333196104ADD79871E3AD057CAB1BC | 2.69 MB, 2686104 bytes |
| a9938f1a896384b4b51563d624893b65 | 790581ea0bfcd2b562e7fee4139e67efb6ed003f | 3CC8D7250AA40CA36E876736AD9466B06900D7B821EEC9C48875A402FC7384F6 | 2.68 MB, 2680400 bytes |
| 112b14e0e147edb46fc48e6b451a9d96 | 204997e2c14276e5424b32c5acfd4760b96fdbd0 | F4DC060BF6149204D0F4917C7F24DF28BF3F4D647236DC17A7C28D98E8B5F800 | 2.68 MB, 2679888 bytes |
| 496a9cab99d90994830f6195fd5acb14 | b88bf927b77c9173a38c248d728a313d27c17f77 | 69CFEFF53D552FBCC40700B73462DCE7B0E02BEC97ECB965BC439ACC7E19D8F4 | 2.68 MB, 2679888 bytes |
| c51f2147a179f595ea85a8ce832a03d6 | 91aa50bea3be50bceeee837eb2745775ce7dc331 | 5568F7F7115799B818405A02C4DCAC2C40E2A13756EB4223C457F0529F85F4DC | 2.68 MB, 2679888 bytes |
| 5af0b4c6e3ce8c144370d19299194a19 | a8ccd23232e7ef44e515a094a295b429e8efd5c8 | 934D978C8F65306927BE94CC05DC9F8BD4BA2551FF0B3B9E3850B51BD9C812A6 | 2.67 MB, 2673232 bytes |
| ee76b22a00f7e7de0ca6f7476bc83228 | c52f35f3d54df7d5c06fad54848e5757e516b309 | 8C4A70892DC3BFD317FA356AC43235217A6EF5E5319F8A0402D016FD19AFD9AB | 2.69 MB, 2685560 bytes |
| c34735210a1e68cb77eece3270cb5e89 | 386ab8935288f32a2791a62f22197fc63c386dff | 2B996B195B7A5ACD775BAC6F9EA37E27471778B2CB33ED24BBFE6411BD13ABAB | 2.65 MB, 2649600 bytes |
| cf655428124450421372a1483f68c04d | 44cd56fabc2b02cf04df82d45ab2805387c3650f | 610363145DBC3CF90A618DBE2CAB03010E6187BABEB502CC4CD099319C7625E9 | 2.69 MB, 2693240 bytes |
| 690b553e50e6074c19ae699a2efd8078 | 6bf20227d69b708f4f55aaa7c10c59785bebcd90 | 091CD59E873E87277389DFFF57CE63D78C5FF20F4EB8815A9ABA0DCDB7EFA023 | 2.87 MB, 2867712 bytes |
| e0e3d80ea4dfca1749909dcc382f2629 | 8cdc6d239a249516351fe378a222b354bf06e9a9 | B8F9B759640EFFBE4DAF49707912F6A19FBF5FB5399AA9FF6CDE2687B73A088F | 2.68 MB, 2681440 bytes |
| 40440dd3b2502787ae85ca70b2a37eb1 | 82b724b57fcd33b11aff296b5d5d10ee5ecd7999 | A343B3A16C37C1E094A378D6557598C566294BE9B9E98514BE8F0D42CACD4D3F | 2.69 MB, 2691432 bytes |
| 56a8a92616aed196c936c0f16f9231f1 | 89d7e68c9caed3706e5ffd0af82727abea586955 | 0737641953A86E1BF9C0933577377C98E62808A307155821E126ABFD2349D228 | 2.68 MB, 2677720 bytes |
| c85d70577cb92850082a34ff31da7920 | c71ee2b4f8b1098efa1e6531bc4b34fc39d29ba0 | 0BFDA1E615D230F01F3CB5844187250FA2ABA3D8118E927390775A5B7B286645 | 2.88 MB, 2875904 bytes |
| 94886337ea1a67051de43671ba136e08 | 043df82a12a212944fcbb2d45635efecb1fe2e40 | B1ED4FFBC85999E3421703B8597B12EF90F5FA70A9E95F91AD8F6F74ED6FF4D7 | 2.88 MB, 2875904 bytes |
| 7fdee4758878587e7b6b6eef5434bda3 | bea11c9e9ae933a8cb0412ee58b42053b4d04451 | E0B478246B39C3A46D3D8A558FDC17B5618E616A53499A2219468BA496B898D6 | 3.22 MB, 3218528 bytes |
| 9f13044946ca0fc856482d02ccbfdb96 | 8b304349a956d75f4b4c0bec5c5cb51e4b388d4a | 5152B76C1D20CEF562479DF20BF3174DD50332E6EB1595E1BBDACEA0D8E16E0E | 3.02 MB, 3019776 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Title | |
| File Version | |
| Legal Copyright | |
| Legal Trademark | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Figma, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| Rockstar Games, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| Swift Media Entertainment, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| Valve Corp. | DigiCert Trusted Root G4 | Hash Mismatch |
| Flipper Devices Inc. | Flipper Devices Inc. | Hash Mismatch |
| MICRO-STAR INTERNATIONAL CO., LTD. | GlobalSign GCC R45 EV CodeSigning CA 2020 | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch |
| SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO., LTD. | USERTrust RSA Certification Authority | Hash Mismatch |
File Traits
- HighEntropy
- Installer Version
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 109 |
|---|---|
| Potentially Malicious Blocks: | 44 |
| Whitelisted Blocks: | 65 |
| Unknown Blocks: | 0 |
Visual Map (legend only; the map image is not reproduced here)
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CobaltStrike.TQ
- Kryptik.UGB
- Spyloader.M
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
8 additional items are not displayed above.