Backdoor.PSW.Agent.CHG
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.PSW.Agent.CHG |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
bff6a91e5a9d65fe7576cb074c97ef56
SHA1:
2be336a6d1f23f60c9f04dc2ad8b590bfda64925
File Size:
89.09 KB, 89088 bytes
|
|
MD5:
8575d87d98978c5eb8e52939f9dbf424
SHA1:
46b44a0b9c2b91a3ec788d2edf4de3623426cfc1
SHA256:
B4C23721E4F2E746F4601814DF07A99145D5F54559FAE9D4B58D4727357183A7
File Size:
94.21 KB, 94208 bytes
|
|
MD5:
63e45a8330e446c14bc68f90e0654fc3
SHA1:
6d294f116dc885beb7e71709030bc789df5a64b2
SHA256:
7ABB23F1AF4DE43F9E04BED4E534F4D2367D83B38FDCF3F083551493D9361B4D
File Size:
89.09 KB, 89088 bytes
|
|
MD5:
fc7d98f8130d9a711e9a536309cc19d4
SHA1:
15eff1f3ea82ef85e647367189170350a32470ab
SHA256:
385B55AEC72B8C2DA8632B8B128C9DEC44DF8DC017A1730EDB99AAFE9CAD2792
File Size:
89.09 KB, 89088 bytes
|
|
MD5:
4bc9796527b80cbc9d7d31ebfa659601
SHA1:
4262216cbbe0300760382f385fa380e0c067bb9e
SHA256:
AA20F26BAE240FD10748B851C30B7D7BADAFF683915FC75AE67B2C36EC146C34
File Size:
94.21 KB, 94208 bytes
|
Show More
|
MD5:
6d57fad406a1563bc07bac2c7b523e3e
SHA1:
2cd5862d68a39d32f9cf834503639a8f96c0c8eb
SHA256:
FEB6E09D9C3E792766EA7E679130996F4E5FA5CFF9C87F48F06126B9933A3832
File Size:
94.21 KB, 94208 bytes
|
|
MD5:
166831125841c5e917b7563c5d5051dd
SHA1:
9707ffc9707b2489f00041b0aeeeb5745aa81722
SHA256:
E1B957A7AED574DE95BCAD77251FF30C1D80B10ED6248057B84078057E6F920D
File Size:
94.21 KB, 94208 bytes
|
|
MD5:
fcebdb2c568ba9e049efc4c134ef46cb
SHA1:
3ab18118f03ea8df5225da6e8b8b7672e0d193d5
SHA256:
5ED9C7CAA9D68D32A89E92737A6315C2F88E80F774F1A931576D676911695BBF
File Size:
94.21 KB, 94208 bytes
|
|
MD5:
822f9803788eb3be0d93974e50eee3da
SHA1:
07903b243d4b8cef387cf012aedae18034d2c333
SHA256:
292E2598D5C79058EABDA41F3604316D4820EB6922B9DE0186FDF676A3025D2A
File Size:
94.21 KB, 94208 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- No Version Info
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 203 |
|---|---|
| Potentially Malicious Blocks: | 26 |
| Whitelisted Blocks: | 177 |
| Unknown Blocks: | 0 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
x
x
x
0
x
0
0
x
x
x
x
0
0
x
x
x
x
0
x
x
0
0
x
x
x
x
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
1
x
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
0
0
0
0
0
0
0
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
1
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- PSW.Agent.CHG
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\downloads\error_log.txt | Generic Write,Read Attributes |
| c:\users\user\downloads\info_log.txt | Generic Write,Read Attributes |
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Other Suspicious |
|
