Trojan.Agent.AIUB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,321
Threat Level: 80 % (High)
Infected Computers: 78
First Seen: August 19, 2024
Last Seen: April 21, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.AIUB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • HighEntropy
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 472
Potentially Malicious Blocks: 1
Whitelisted Blocks: 466
Unknown Blocks: 5

Similar Families

  • Agent.AN
  • Agent.ANH
  • Agent.IUH
  • Agent.KPG
  • Agent.OFGI
  • Farfli.ZI
  • GameHack.LPE
  • Korplug.P
  • Kryptik.ATAS
  • Kryptik.ATAX
  • Kryptik.PAH
  • Murphy.B
  • Spy.Agent.FG
  • TinyNuke.AA
  • Trojan.Agent.Gen.PW
  • Trojan.Agent.Gen.SX
  • Trojan.Downloader.Gen.BP
  • Trojan.Injector.Gen.FLI
  • Trojan.Krypt.Gen.PS
  • Trojan.Kryptik.Gen.DGK
  • Trojan.Kryptik.Gen.DHA
  • Trojan.Kryptik.Gen.EGV
  • Trojan.ShellcodeRunner.Gen.CL
  • Trojan.ShellcodeRunner.Gen.FF
  • Trojan.ShellcodeRunner.Gen.IC
  • Trojan.ShellcodeRunner.Gen.LT

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\25138afc217fddcfa58920e4c079ce78821ea9e5_0000606208.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c80cdb5dedc1f61e1705487625785506cb600fdd_0000559634.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5cd987b54e43b22d6a4f686a891f30f33fd4f8f3_0000238592.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e85b7debc5140c491aef1fb870c8bf5ce3508965_0000538112.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\705e916741b0765fcc1707999794ea2ddb02be92_0000453632.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8aad821658c003334fb264bea54cc35f1e08d6a0_0000450560.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2bb396be1bbe117f5157c7d49b2d1431e138ca11_0000479232.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\063e94c5ac4fd994004753a395dec4668c77a75a_0000415744.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bb5a93794344cf022266e42210cf1acf47097851_0000493568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d49ce04dfcff73ba31c1b8c282f3c746e024ee5e_0000595968.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c1b9b168f7f6fe79444cf8144a4ace7b762677c8_0000520704.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\36a96563604af12ca525f7440b7f796d30a141a1_0000612352.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\83612032af6f152c528d1117b7cf26eded1eb853_0000649728.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4eac13dee773d1ad3b68c5a235c597b63475f4e9_0000586752.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bffb0687387724a0896fc289990f44725638d435_0000478720.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\340928d8107da41a7b1a3681b4167dce6d6395ff_0000487936.,LiQMAxHB
