Trojan.Agent

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	536
Threat Level:	90 % (High)
Infected Computers:	61,143

First Seen:	July 24, 2009
Last Seen:	May 15, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AntiVir	TR/Agent.376832.X
eSafe	Win32.TRAgent.X
McAfee	Artemis!34F4E7FDC6C7
Kaspersky	HEUR:Trojan-Downloader.Win32.Generic
Avast	NSIS:Downloader-LC
NOD32	NSIS/TrojanDownloader.Agent.NFS
Panda	Trj/Autorun.H
AVG	BackDoor.Agent.FEB
Fortinet	W32/Agent.ANI!tr.bdr
Ikarus	Win32.SuspectCrc
Antiy-AVL	Backdoor/Win32.Agent.gen
AntiVir	BDS/Agent.ani.3
Comodo	Backdoor.Win32.Agent.ani0
Sophos	Troj/Agent-FYG
Kaspersky	Backdoor.Win32.Agent.ani

File System Details

Trojan.Agent may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	~tmpa.exe	062d756070c4aa99845c08d0c1c27bb1	0
Name: ~tmpa.exe MD5: 062d756070c4aa99845c08d0c1c27bb1 Size: 93.69 KB (93696 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
2.	~tmpd.exe	0fe696aff9bec0b63d9b77e3d9413441	0
Name: ~tmpd.exe MD5: 0fe696aff9bec0b63d9b77e3d9413441 Size: 93.18 KB (93184 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
3.	unobi.dll	22003e73098e41f42e28e9eb93672f22	0
Name: unobi.dll MD5: 22003e73098e41f42e28e9eb93672f22 Size: 55.8 KB (55808 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
4.	9.tmp	cd1f1696515aaf21bf7ce38670aca395	0
Name: 9.tmp MD5: cd1f1696515aaf21bf7ce38670aca395 Size: 81.92 KB (81920 bytes) Detections: 0 Type: Temporary File Group: Malware file Last Updated: December 11, 2009
5.	2.tmp	bf2631140fea33acab46bb6da052b066	0
Name: 2.tmp MD5: bf2631140fea33acab46bb6da052b066 Size: 86.01 KB (86016 bytes) Detections: 0 Type: Temporary File Group: Malware file Last Updated: December 11, 2009
6.	mbssm32.exe	2d2c56f61320a5aacd2040be7faaccce	0
Name: mbssm32.exe MD5: 2d2c56f61320a5aacd2040be7faaccce Size: 576.51 KB (576512 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
7.	windmh32.dll	658af36153b0121bf252bb9dc87e9088	0
Name: windmh32.dll MD5: 658af36153b0121bf252bb9dc87e9088 Size: 12.16 KB (12167 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
8.	WMFMRNV.EXE	0f7851342bd02272fe349adc730ea9ee	0
Name: WMFMRNV.EXE MD5: 0f7851342bd02272fe349adc730ea9ee Size: 108.03 KB (108032 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
9.	cluhtj.exe	c5d1bd0c682106929f3fb2efbebc7f48	0
Name: cluhtj.exe MD5: c5d1bd0c682106929f3fb2efbebc7f48 Size: 36.35 KB (36352 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
10.	cdcw.exe	7ad7e338fdb7276dc788dca85b915052	0
Name: cdcw.exe MD5: 7ad7e338fdb7276dc788dca85b915052 Size: 274.43 KB (274432 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
11.	spools.exe	97645d946a25b774231cc30a1669a17a	0
Name: spools.exe MD5: 97645d946a25b774231cc30a1669a17a Size: 41.32 KB (41321 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
12.	XSBMON.EXE	bb541ce011fc9f24ac7c5c11ccdb1420	0
Name: XSBMON.EXE MD5: bb541ce011fc9f24ac7c5c11ccdb1420 Size: 192.51 KB (192512 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
13.	w32main2.exe	68c2a77f3a68555dbebed5aad2438315	0
Name: w32main2.exe MD5: 68c2a77f3a68555dbebed5aad2438315 Size: 263.68 KB (263680 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
14.	cftmon.exe	093d535d1f45f1ee9491c84da0d1ffc5	0
Name: cftmon.exe MD5: 093d535d1f45f1ee9491c84da0d1ffc5 Size: 73.42 KB (73426 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
15.	ipstdx.dll	d344469531dd32932b5d19a62b6956eb	0
Name: ipstdx.dll MD5: d344469531dd32932b5d19a62b6956eb Size: 376.83 KB (376832 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
16.	CNRN.dll	7634a4fd270d55c0bc53f7fb0c35711b	0
Name: CNRN.dll MD5: 7634a4fd270d55c0bc53f7fb0c35711b Size: 339.3 KB (339304 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
17.	Update.exe	7a1654db6c99b5132e9ca4b2ed453b43	0
Name: Update.exe MD5: 7a1654db6c99b5132e9ca4b2ed453b43 Size: 790.52 KB (790528 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
18.	clcl11.exe	13a2aadf0566f0a593e5e958d75226c4	0
Name: clcl11.exe MD5: 13a2aadf0566f0a593e5e958d75226c4 Size: 203.77 KB (203776 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
19.	iggr.exe	5252c59056a79ef53d590f7d2278cbdb	0
Name: iggr.exe MD5: 5252c59056a79ef53d590f7d2278cbdb Size: 61.95 KB (61952 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
20.	soundmix.exe	bddd7cc535a37b4ca123a554958070a9	0
Name: soundmix.exe MD5: bddd7cc535a37b4ca123a554958070a9 Size: 16.89 KB (16896 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
21.	Counter.exe	4cb73ca203f42bd1853a43d59521f96b	0
Name: Counter.exe MD5: 4cb73ca203f42bd1853a43d59521f96b Size: 53.24 KB (53248 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
22.	CLADD	71d2592cc8e2713eaa4f0ae757129c0b	0
Name: CLADD MD5: 71d2592cc8e2713eaa4f0ae757129c0b Size: 241.66 KB (241664 bytes) Detections: 0 Group: Malware file Last Updated: December 11, 2009
23.	754858da95c7e2436244c0a0fa5c1795	754858da95c7e2436244c0a0fa5c1795	0
Name: 754858da95c7e2436244c0a0fa5c1795 MD5: 754858da95c7e2436244c0a0fa5c1795 Size: 519.44 MB (519446528 bytes) Detections: 0 Group: Malware file

More files

Registry Details

Trojan.Agent may create the following registry entry or registry entries:

Regexp file mask

%allusersprofile%\svchost.txt

HKEY..\..\..\..{RegistryKeys}

Software\iwqggaa

Software\iwqggbb

Cookies

The following cookies may be associated with Trojan.Agent:

1085127072867823887

Analysis Report

General information

Family Name:	Trojan.Agent
Signature status:	No Signature

Known Samples

MD5: 034aeffe6d1b99d85c2471c1301ccc10

SHA1: 689ef15be29438e2b5c952e38006691e6df182ed

File Size: 3.17 MB, 3172985 bytes

MD5: 39105f8ac510efe7f5b7d6c67c2db0a7

SHA1: 52069a6f0f66c7f9192cba27899c728883f61eb7

File Size: 315.39 KB, 315392 bytes

MD5: a1bebca8b9618045a83ebf5f0dd25894

SHA1: 0bfd269195cbec4af7144009464410af04012bdf

File Size: 152.06 KB, 152064 bytes

MD5: 4e8bd96f56a7edc8e6e797ff1b2a8849

SHA1: 345bcf3ab1f384717a8829d07bfd45e96ba6c0c6

File Size: 712.70 KB, 712704 bytes

MD5: 79187c801cfeae8695908bda908ec6d2

SHA1: 4886e42d78068fdf0c81beffe41de0374d6cfee4

File Size: 3.17 MB, 3172985 bytes

MD5: 10eb5e49706f22a8deace0a2dbdc82c6

SHA1: 5b2f524fc0d7fe4fa7bf9d389ff2a8a6af51ac36

SHA256: 836AF134423747FED3A54E2F258D3C5165DDB010AEBE2DC88839988D1A733217

File Size: 259.07 KB, 259072 bytes

MD5: 982e02da0d1b4c14cf6514dfd6d8946c

SHA1: 79e005d1c8d12265766d41f989ad1c6b0175d3d1

SHA256: 51253A229E97D2BC8928021B690E5657937793E5A268B76CCA48E0AF7A0B4051

File Size: 4.32 MB, 4315648 bytes

MD5: 3fdd34dc0177d250c16ed3efdc807f0a

SHA1: f03ba3bc296375d6a7bf07fbdf37437d1bfa2e22

SHA256: A42F8140A82D6741B3A3D15A6215853AFA94E8FE8EEA27F7A134B0D00B934B5F

File Size: 5.46 MB, 5456384 bytes

MD5: df2e6b2e6960520c0f482741c79dc24a

SHA1: cb26843852dda20f03ab4998b6683f55ae2d3608

SHA256: 40AFEC8B1433B13EF1EF83579EAA332FAD5E1374319A68AF6DF7701E35397CBE

File Size: 5.43 MB, 5430784 bytes

MD5: e215575c3fee36bb0121f4db50257d7a

SHA1: 4423aacfad4fc1118c12cd66bf68aa4f236aa8a8

SHA256: 65E05A9375A7B380FB7D5015B473644EC879F418CAADE97F1808CBE6070D8EC6

File Size: 7.26 MB, 7264256 bytes

MD5: 400bd063c90795b3c746f56b20811552

SHA1: 1cf446bc8a5c1e1d06faeaedb7fe60f979ef8601

SHA256: FE45293CD5AE73720D20505E1706FF1E3A76A698CF9B5CC7F5319F27D888493A

File Size: 1.78 MB, 1782504 bytes

MD5: 91dfe7793d1ea3dea55f08435c4ea846

SHA1: 5bdb172a4954382270f8f028d02ce99e9f12c833

SHA256: 76320C125F0750F787868F351897BCE1F753FE7270D5361843CADCCD8419D71B

File Size: 84.48 KB, 84480 bytes

MD5: 80fbe78de0b2daca2c7d7713042c0647

SHA1: 0a28918f32111ab71bb3f37388d407056a54e6c7

SHA256: DEA17A69E716E42799EC824BD42D3C3438B76799792DD7AF92B82A10CD0BA972

File Size: 316.93 KB, 316928 bytes

MD5: 5ad3e10228e5e93cd23570ec095af782

SHA1: 36b07cc3f35c7250bfe20502a5825c16f399d30f

SHA256: 10CB893D05979F366FF7B5AB24D5882DD80998E1DA41226D1E171D4063935160

File Size: 9.64 MB, 9639936 bytes

MD5: ec3812058142c9ed90d7d86210d3a23d

SHA1: 61b90de3b1ecf016970ff127447087e7d6f10883

SHA256: F117BB2021A0D1B09ADB5CCA0788B41E5AFD9363B6A68255290721B89A862FA0

File Size: 3.56 MB, 3555840 bytes

MD5: 122b4555cb9cf6917f1878f66be1bd1c

SHA1: 8eaa3067768715e232067198fd96678f3641f476

SHA256: 83B17F02ED2989FD12F444F530903B12453BC39AB2056EFA501F1A6A21FC5ACE

File Size: 2.66 MB, 2657792 bytes

MD5: 5292c9e907ceb342aaefc84cea79bc17

SHA1: f37cedcb79a96452eefa5f1f4d147f1175c848de

SHA256: DBA129AFAFB0DC6FDBB679ACDDEA6913F6C634382181D492BB935A20FE41F0C8

File Size: 7.09 MB, 7089664 bytes

MD5: 540b2fe3233595acbb78b3727c44060c

SHA1: cd526ab1a8cac6534a246050d8dd777b01a88e44

SHA256: C485B5579657FF04723C13B5FEC610C64B232A0BEA58CCBF762235FE92104B6D

File Size: 6.16 MB, 6159650 bytes

MD5: aa63d45a59a56b52de7800435fdcd7c3

SHA1: 0f267739f02e29f12b1c4330cc8aebc229c8ed7c

SHA256: 2E74DD8170DA84126E8DFE0518DBF93BF885B749FCBBD4B082708C00CA6451C2

File Size: 5.81 MB, 5805056 bytes

MD5: 9feaebe9322d145f48db773922e1f13a

SHA1: 1d430da4ec12e9ca600297bcf96ae8ed83a6db63

SHA256: 530C43415B1051D4F78F42A78794D77CD1CF1396241C4483AA9F76A103E94121

File Size: 592.84 KB, 592840 bytes

MD5: 0fac71281a99eac04ff5a194e5eaa3bb

SHA1: 8bb11de30d5554f97cdb4b933eb0d9ddba01babf

SHA256: 0280C4EEBA7439BDCF880F013F7FE997CFAB2F0FC88D2C53BAE5DE097268ACF9

File Size: 3.17 MB, 3172985 bytes

MD5: 2a95bf1e1419bd4919291d32f7b4739e

SHA1: 25c7f86f6493491525428562b67480cb10ec6dbc

SHA256: 0BE31AAB41FB1740B176811377EEB2E59809C7A1D332F7F4C465BF7E9DAF406A

File Size: 9.28 MB, 9280512 bytes

MD5: 308c0dbf3bd27e1c9921c8d96811254b

SHA1: db536bf9ce28cb79c9635bd0e6e5cf1ac893a4b7

SHA256: B77B70F40D79362E0BE63822F3E7CFE36C645F884F0BB3A9FD4DB3BB2814D63F

File Size: 9.29 MB, 9293824 bytes

MD5: 663b423b5a1c8a4c4150a74c9676b486

SHA1: 430054e3e36424ea887a1d8af132f13d8e47c691

SHA256: FE854FFDE15094F31E014EC3EB93927D225D20A883D7904B02EDB2F4715BFC63

File Size: 1.08 MB, 1075712 bytes

MD5: 77ee84119fef893309aef2f157d9789c

SHA1: 72223e8d13eb9454937b92c7278c4d24baf34265

SHA256: A403109D774D94558BB54E75E17AA1597508C4AB79146959EDF772DEC6E9AAA8

File Size: 2.07 MB, 2068817 bytes

MD5: 2332a0042ad102248c279188ebd1d3e8

SHA1: 5f377fc164f033f1473b722f105a368f65aa1572

SHA256: 393DA7D18014A72BB26910EE6405496791B3120FB59938BE4AE6A99F039583AF

File Size: 5.57 MB, 5565952 bytes

MD5: caa990217afc5d7209fe3b38f0d42ca2

SHA1: 5518a09e6a9f5cd8005142191115bf3ae6747d52

SHA256: 94A6858FDA6E05E14155C2B853044EACD4CF486535834241123815975879459E

File Size: 1.96 MB, 1964032 bytes

MD5: d97fb3328da5d17b296eb97aff2362a0

SHA1: 9bca9d54cd4a898c044a8c8731ac5ea2bef7365c

SHA256: 7C907DE722EC80907F26E22DFA0FC8CDEDA170C4B557CA1BB08AF6DCF738FB96

File Size: 7.82 MB, 7818752 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	9.0.0.0 3.3.0.0 1.1.12.6 1.0.0.0 0.0.0.0
Comments	C#-Mnemonic ver.9.0.0 pre-release Control Panel for KetcauSoft' Application http://www.autoitscript.com/autoit3/ Launcher & Patcher This installation was built with Inno Setup.
Company Name	Audi AG ETH ticker Ethereum ticker GENERATION NT LTPTeam Microsoft NL-X The Classic PW - Genesis The Classic PW - Mar em Fúria TML Weapons of War New Generation Inc. Show More WEFLY Structure JSC www.kreo-tech.com XopMC Youxiland Co. Ltd.
File Description	C#-Mnemonic-hash160 Client Login Program Enigma Encryptor ETH ticker Ethereum ticker 1.0.0.0 GESTION DE POLYCLINIQUE Isaeva KCS Inside Laptop Battery Analyzer Macro X Evolution MuUpdater Show More NL-X pwprotector SD Creator Setup/Uninstall UNDERTALE Engine Weapons of War New Generation
File Version	51.1052.0.0 9.0.0 3.3.0.0 1.11W 1.4.0.0 1.1.12.6 1.0.0.0 1, 0, 0, 1 0.1.0.3 0.0.0.0
Internal Name	C#-Mnemonic-hash160.dll Isaeva.exe KCS Inside.exe Login.dat ModisEvolution.exe MuUpdater.exe NL-X.dll NLBA_LaptopBatteryAnalyzer.exe NL Hybrid.dll pwprotector.exe Show More SdUpdater2.exe setup WoWNewGen.exe
Legal Copyright	2018~2021 TML 2024 (c) ETH ticker Ethereum ticker Copyright (C) 2004 Youxiland Co. Ltd. All rights reserved. Copyright KetcauSoft © 2012 Copyright © 2015-2022 AUDI AG Copyright © 2020 Copyright © 2022 Instant, Inc. Copyright © 2023 Copyright © 2026 Copyright © 2026 Weapons of War New Generation. Show More Copyright © GENERATION NT 2008 Copyright © LTPTeam 2016 Copyright © Microsoft 2015 Diego Román t.me/brythbit by @XopMC
Legal Trademarks	KetcauSoft
Original Filename	C#-Mnemonic-hash160.dll Isaeva.exe KCS Inside.exe Login.dat ModisEvolution.exe monitor_prog.exe MuUpdater.exe NL-X.dll NLBA_LaptopBatteryAnalyzer.exe NL Hybrid.dll Show More pwprotector.exe SdUpdater2.exe setup-win32-bundle.exe WoWNewGen.exe
Private Build	01.00.00.00
Product Name	C#-Mnemonic-hash160 Client Login Program ETH ticker Ethereum ticker 1.0.0.0 GntMedDocteur Isaeva KCS Inside 2024 Laptop Battery Analyzer Launcher & Auto Update Macro X Evolution monitor_prog Show More MuUpdater NL-X pwprotector SD-Creator The Classic PW - Genesis The Classic PW - Mar em Fúria UNDERTALE Engine
Product Version	44 36 31 9.0.0 3.3.12.0 3.3.0.0 1.11W 1.1.12.6 1.0.0.0 1.0.0 Show More 1.0 1, 0, 0, 1 0.1.0.3 0.0.0.0
Version	1.11W
W D Version	27.0

File Traits

.NET
00 section
2+ executable sections
Agile.net
big overlay
CAB (In Overlay)
Confuser
Fody
GenKrypt
HighEntropy

Inno
InnoSetup Installer
Installer Manifest
Installer Version
NewLateBinding
No Version Info
ntdll
Reactor
Reflective
RijndaelManaged
VirtualQueryEx
Wix
WixToolset Installer
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	733
Potentially Malicious Blocks:	2
Whitelisted Blocks:	620
Unknown Blocks:	111

Visual Map

0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 0 0 ? ? ? ? ? ? 0 ? 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 ? 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 1 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? 0 ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Autoit
BadJoke.FH
DialupPass.A
Emotet.CDD
Injector.AK

Lumma.GFD
MSIL.Agent.GDE
MSIL.Agent.OAAR
MSIL.BadJoke.XF
MSIL.BlackGuardStealer.A
MSIL.Brute.BGF
MSIL.Brute.GFA
MSIL.DllInject.LE
MSIL.Filecoder.GG
MSIL.Gamehack.JS
MSIL.Heracles.IP
MSIL.Injector.FSA
MSIL.Tedy.F
MSIL.Tedy.NN
Remcos.AI
Rugmi.IA
Sheloader.A
Sheloader.C
Stealer.KF
Zenpak.C

Files Modified

File	Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\972ae312b9b3458a8bb8df383a9fb2b1\webview2loader.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\a634fbb351864c07b1d9d3e2e2924438\webview2loader.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut7702.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gde6n.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lroid.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\temp0.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\temp1.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~dffa55f81611a658c1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vmlgywd.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vmlgywd.jpg	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\94\shell::sniffedfoldertype	Downloads	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\pc soft\windev\27.0\appli\36b07cc3f35c7250bfe20502a5825c16f399d30f_0009639936::last_framework	270103j	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	143.0.3650.96	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext Show More ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetContextThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx 20 additional items are not displayed above.
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Network Winsock2	WSASend WSASocket WSAStartup
Network Winsock	connect gethostbyname inet_addr
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess ShellExecute
Keyboard Access	GetAsyncKeyState GetKeyState

Shell Command Execution


							"C:\Users\Nztewlcq\AppData\Local\Temp\is-GDE6N.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp" /SL5="$60302,5666415,214528,c:\users\user\downloads\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650"


							jview.exe  /cp:p "C:\Users\Hxejqwsr\AppData\Local\Temp\temp0.jar


							open http://www.java.com


							"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/

Trojan.Agent

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Registry Details

Cookies

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed