Trojan.Agent.AIAB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,517
Threat Level: 80 % (High)
Infected Computers: 2,625
First Seen: June 20, 2023
Last Seen: January 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.AIAB
Signature status: No Signature

Known Samples

MD5: 74ec3eb57e776730d33132151ef5524e
SHA1: 4129967b45594dc6fee91fefb7b2e7c8792a250a
SHA256: 95A0429A1EC28B94606C02E4031B69058523496F15D02BB56267340A249FAC76
File Size: 1.32 MB, 1322040 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: CrystalDisk
File Description: CrystalDiskInfo Setup
File Version: 9.1.1.0
Internal Name: CrystalDisk.exe
Legal Copyright: Crystal Dew World
Original Filename: Office.exe
Product Name: CrystalDiskInfo 9.1.1
Product Version: 9.1.1.0

File Traits

  • CryptUnprotectData
  • HighEntropy
  • Installer Version
  • No CryptProtectData
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 3,642
Potentially Malicious Blocks: 1,002
Whitelisted Blocks: 2,428
Unknown Blocks: 212

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.AIAF
  • Agent.AIAG

Files Modified

File: c:\users\user\appdata\local\maxloonafest131\maxloonafest131.exe
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data, Delete, LEFT 262144

File: c:\users\user\appdata\local\temp\fanbooster131\fanbooster131.exe
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data, Delete, LEFT 262144

Registry Modifications

Key::Value: HKCU\software\microsoft\windows\currentversion\run::maxloonafest131
Data: C:\Users\Boihzors\AppData\Local\MaxLoonaFest131\MaxLoonaFest131.exe
API Name: RegNtPreCreateKey
