Trojan.Agent.ASC

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.ASC
Packers:	UPX x64
Signature status:	Modified signature

Known Samples

MD5: 09fae3005d51eabffe4c024e5e1ebea7

SHA1: 7eb1278341ddf979f4b69afa693f2cff41e6da04

SHA256: 91C8D8C630CD7778328E30C3545FAB4036B06ECC2D45082DF63B7FBA87697C81

File Size: 3.46 MB, 3460536 bytes

MD5: 1eec2ed374b147ca763ef9773fdad790

SHA1: 98a896e9a7ef6514afdb13dac955833a252a30bd

SHA256: 23986E890C8072EED0E2A53788D11A7746D861005193BFA1A4DC558E594BC6BC

File Size: 3.43 MB, 3426088 bytes

MD5: 6de7eaef52b2a84cae762458355e4585

SHA1: dc664fe0620522533f7b591549ff661924046894

SHA256: 23BB0A685DCCB9B782D720AC2A31C349EFF46F909EC9285D441CD8D85060B2DA

File Size: 3.43 MB, 3428760 bytes

MD5: 73820880d3e61dc808971b11608c06f0

SHA1: 57fea21e363b73947e8890351abad9f0bbc11485

SHA256: 7FAF3122988B262D5947B91A7B55CD253939BCE2C80F8EB4F3F1DC7461AC8D52

File Size: 7.33 MB, 7328256 bytes

MD5: 0eccc6d15f5f201a5992434052a24502

SHA1: d0d948fc7525981f0e6cc6e9eed7cc3a610b217e

SHA256: 91D52C1C9089BA54FC609769BACE8E8FB32C2B1971D788F8AD62F82911F2CC0E

File Size: 3.43 MB, 3426112 bytes

MD5: debba7805261d7a3683ee653f8498126

SHA1: 36439227331a5e1a8dd675a3ca28d6fe954e8a41

SHA256: A731BA3F9C4291647A149D9FC2F05D47D8D795FC5ECB36F7EFC16AEBFECCCB75

File Size: 3.51 MB, 3508736 bytes

MD5: f9cb4e2892af5b919190ad4de529d29c

SHA1: 1e8a1298118be5fb022e46da1302a035327b02ae

SHA256: 50FCB4DF1A1949ABD19B6A3C507C113BD08B40281EBBBFF176E3EA0A24FF5881

File Size: 3.43 MB, 3428840 bytes

MD5: 043588f122de000b49ee1bf31bac5c40

SHA1: b39bdf5d42799fcbbd0ea62a9719a20f67fe152c

SHA256: 1B936CD385D71977911D2B24867C2139A4B34838772C647821F9DEB05D2425B0

File Size: 3.39 MB, 3389832 bytes

MD5: ce678fadfd5acc4aae99753f51df5d62

SHA1: dc6fe6840fe1c6e9e15f3670a1cd88950a902ca3

SHA256: B938F4A1437C55CBE2BDC48FB805AA02EC17226D4A6B8A0F1140A822AC36DC69

File Size: 3.43 MB, 3428840 bytes

MD5: e1cb082bca8dcf07245c095c5eed27b8

SHA1: a3a9f15d62f7fcedda1a261dd91d944b945b2e94

SHA256: 1F0B149EA00E3F47470C7C4CDC1C3AAAF5BC1EBCFFB2B34C3089DDD7EC745B11

File Size: 3.42 MB, 3420984 bytes

MD5: 087e8046afc854de70731f8952954bf8

SHA1: b315300cfad73524b966ac9e03e09683755b889a

SHA256: 6911FA6979AAE1639B7E6FD2C70C25CED02F67D9C159FC3A97521387CB1748FE

File Size: 3.63 MB, 3629216 bytes

MD5: 3a0c7d6b576be0c0b130479f1be04efc

SHA1: 51dc22a7f1896df9d5dd8c7de52e5b481ffb26b5

SHA256: 36CFCCC84B21D9BB8B3EB93589870AEA0B146FD9BA649B785D44BB8DAFD82656

File Size: 307.71 KB, 307712 bytes

MD5: 1bf547b9afcb2d7be3d01d4d1d821d48

SHA1: 393bf87bc3298fe6a831c8f5e86cddf94c768b04

SHA256: 7779495DB8D4E4F10F71F7C27F7A537426D1CDCF2DB776C8AF4C1F2BD393BFF1

File Size: 3.43 MB, 3428824 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has TLS information
File is 64-bit executable
File is either console or GUI application

File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Opera Software
File Description	Opera Crypto developer Installer Opera Crypto Installer
File Version	93.0.4585.70 91.0.4516.78 88.0.4412.64 88.0.4412.37 88.0.4412.11 88.0.4396.0
Internal Name	Opera Crypto
Legal Copyright	Copyright Opera Software 2022
Product Name	Opera Crypto developer Installer Opera Crypto Installer
Product Version	93.0.4585.70 91.0.4516.78 88.0.4412.64 88.0.4412.37 88.0.4412.11 88.0.4396.0

File Traits

2+ executable sections
HighEntropy
imgui
Installer Version
No Version Info
ntdll
packed
upx
UPX!
UPX x64

Block Information

Total Blocks:	1,801
Potentially Malicious Blocks:	0
Whitelisted Blocks:	1,794
Unknown Blocks:	7

Visual Map

0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\crashpad_1048_qhpyvoygufxggsad	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_1048_qhpyvoygufxggsad	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_2520_pcteeoykznsmwgmt	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_2520_pcteeoykznsmwgmt	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4456_mgftrfzjrurdephl	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4456_mgftrfzjrurdephl	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_5304_mbsawxjplwoajkzf	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5304_mbsawxjplwoajkzf	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_5936_mdvkgkdrhasxugvp	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5936_mdvkgkdrhasxugvp	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288

\device\namedpipe\crashpad_6932_ueldxbtgfobsdxhp	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_6932_ueldxbtgfobsdxhp	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_7332_dyqdfhanxgcyyhpd	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_7332_dyqdfhanxgcyyhpd	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_7468_gbvmuhjqunkwerxa	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_7468_gbvmuhjqunkwerxa	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_8164_yrsbfmbkwlldkjgr	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_8164_yrsbfmbkwlldkjgr	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_8652_ttnawqfsbwapnbgz	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_8652_ttnawqfsbwapnbgz	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.opera	Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\1e8a1298118be5fb022e46da1302a035327b02ae_0003428840	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\393bf87bc3298fe6a831c8f5e86cddf94c768b04_0003428824	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\7eb1278341ddf979f4b69afa693f2cff41e6da04_0003460536	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\98a896e9a7ef6514afdb13dac955833a252a30bd_0003426088	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\a3a9f15d62f7fcedda1a261dd91d944b945b2e94_0003420984	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\b315300cfad73524b966ac9e03e09683755b889a_0003629216	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\b39bdf5d42799fcbbd0ea62a9719a20f67fe152c_0003389832	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\d0d948fc7525981f0e6cc6e9eed7cc3a610b217e_0003426112	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\dc664fe0620522533f7b591549ff661924046894_0003428760	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer temp\dc6fe6840fe1c6e9e15f3670a1cd88950a902ca3_0003428840	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20251111030052768.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20251119172051158.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20251208170252351.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20251217045023783.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260111140331964.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260113061253921.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260311150036516.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260316222302935.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260323231356142.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera crypto installer\opera_installer_20260415071658408.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\1048_37678447	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2520_720243507	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\4456_1498458677	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\5304_1708985998	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\5936_1073393345	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\6932_195508237	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7332_767236178	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7468_1175034636	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8164_797817642	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8652_631145338	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\opera_installer_2511111100522375936.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511111100525818084.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511111100533311052.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511200120505808652.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511200120509404452.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511200120517214844.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512090102518045304.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512090102521631452.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512090102528826636.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512171250231744456.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512171250235333176.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2512171250244086392.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601112203314957468.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601112203317923412.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601112203325111336.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601131412534368164.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601131412537493860.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2601131412544213452.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603112200360941048.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603112200363768156.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603112200370327132.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603170523023117332.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603170523027178816.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603170523035298388.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603240613556896932.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603240613559862748.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2603240613566573780.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2604151416578932520.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_260415141658221912.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2604151416589083428.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_ui.lck	Generic Write,Read Attributes,Delete
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\26c212d9399727259664bdfca073966e_b7ed31d77d311a56fdcb56a0083b3e0b	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\26c212d9399727259664bdfca073966e_b7ed31d77d311a56fdcb56a0083b3e0b	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera crypto developer\crash reports\metadata	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera crypto developer\crash reports\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera crypto stable\crash reports\metadata	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera crypto stable\crash reports\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage Show More ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThread ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletion ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetSecurityObject ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtTraceEvent ntdll.dll!NtUnlockFile ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnsubscribeWnfStateChange 8 additional items are not displayed above.
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerNameEx GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	SetWindowsHookEx
Network Winsock2	WSAStartup WSAttemptAutodialName
Network Winsock	accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname recv send Show More setsockopt socket

Shell Command Execution


							c:\users\user\downloads\7eb1278341ddf979f4b69afa693f2cff41e6da04_0003460536 c:\users\user\downloads\7eb1278341ddf979f4b69afa693f2cff41e6da04_0003460536 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Krsxkhsp\AppData\Roaming\Opera Software\Opera Crypto Stable\Crash Reports" "--crash-count-file=C:\Users\Krsxkhsp\AppData\Roaming\Opera Software\Opera Crypto Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=91.0.4516.78 --initial-client-data=0x2f8,0x2fc,0x300,0x2f4,0x304,0x7ffcd2e90dd0,0x7ffcd2e90de0,0x7ffcd2e90df0


							"C:\Users\Krsxkhsp\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\7eb1278341ddf979f4b69afa693f2cff41e6da04_0003460536" --version


							c:\users\user\downloads\98a896e9a7ef6514afdb13dac955833a252a30bd_0003426088 c:\users\user\downloads\98a896e9a7ef6514afdb13dac955833a252a30bd_0003426088 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Hfcopsks\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Hfcopsks\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.37 --initial-client-data=0x2f8,0x2fc,0x300,0x2f4,0x304,0x7ff8bc4ef550,0x7ff8bc4ef560,0x7ff8bc4ef570


							"C:\Users\Hfcopsks\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\98a896e9a7ef6514afdb13dac955833a252a30bd_0003426088" --version


							c:\users\user\downloads\dc664fe0620522533f7b591549ff661924046894_0003428760 c:\users\user\downloads\dc664fe0620522533f7b591549ff661924046894_0003428760 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Jayobvzg\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Jayobvzg\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.64 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x7ff8b3e9f550,0x7ff8b3e9f560,0x7ff8b3e9f570


									"C:\Users\Jayobvzg\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\dc664fe0620522533f7b591549ff661924046894_0003428760" --version


									c:\users\user\downloads\d0d948fc7525981f0e6cc6e9eed7cc3a610b217e_0003426112 c:\users\user\downloads\d0d948fc7525981f0e6cc6e9eed7cc3a610b217e_0003426112 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Tylsaihl\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Tylsaihl\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.37 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2a8,0x2fc,0x7ffa89d5f550,0x7ffa89d5f560,0x7ffa89d5f570


									"C:\Users\Tylsaihl\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\d0d948fc7525981f0e6cc6e9eed7cc3a610b217e_0003426112" --version


									c:\users\user\downloads\1e8a1298118be5fb022e46da1302a035327b02ae_0003428840 c:\users\user\downloads\1e8a1298118be5fb022e46da1302a035327b02ae_0003428840 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Riurkfvn\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Riurkfvn\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.64 --initial-client-data=0x300,0x304,0x308,0x2fc,0x30c,0x7ffc1682f550,0x7ffc1682f560,0x7ffc1682f570


									"C:\Users\Riurkfvn\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\1e8a1298118be5fb022e46da1302a035327b02ae_0003428840" --version


									c:\users\user\downloads\b39bdf5d42799fcbbd0ea62a9719a20f67fe152c_0003389832 c:\users\user\downloads\b39bdf5d42799fcbbd0ea62a9719a20f67fe152c_0003389832 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Kwidlcxn\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Kwidlcxn\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4396.0 --initial-client-data=0x2d8,0x2d4,0x300,0x2dc,0x304,0x7fff6cd84550,0x7fff6cd84560,0x7fff6cd84570


									"C:\Users\Kwidlcxn\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\b39bdf5d42799fcbbd0ea62a9719a20f67fe152c_0003389832" --version


									c:\users\user\downloads\dc6fe6840fe1c6e9e15f3670a1cd88950a902ca3_0003428840 c:\users\user\downloads\dc6fe6840fe1c6e9e15f3670a1cd88950a902ca3_0003428840 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Qihuagbh\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Qihuagbh\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.64 --initial-client-data=0x300,0x304,0x308,0x2d4,0x2d8,0x7fff7f06f550,0x7fff7f06f560,0x7fff7f06f570


									"C:\Users\Qihuagbh\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\dc6fe6840fe1c6e9e15f3670a1cd88950a902ca3_0003428840" --version


									c:\users\user\downloads\a3a9f15d62f7fcedda1a261dd91d944b945b2e94_0003420984 c:\users\user\downloads\a3a9f15d62f7fcedda1a261dd91d944b945b2e94_0003420984 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Jpddkcwf\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Jpddkcwf\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.11 --initial-client-data=0x2f8,0x2fc,0x300,0x2dc,0x304,0x7fff7efed510,0x7fff7efed520,0x7fff7efed530


									"C:\Users\Jpddkcwf\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\a3a9f15d62f7fcedda1a261dd91d944b945b2e94_0003420984" --version


									c:\users\user\downloads\b315300cfad73524b966ac9e03e09683755b889a_0003629216 c:\users\user\downloads\b315300cfad73524b966ac9e03e09683755b889a_0003629216 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Qkhfnvvj\AppData\Roaming\Opera Software\Opera Crypto Stable\Crash Reports" "--crash-count-file=C:\Users\Qkhfnvvj\AppData\Roaming\Opera Software\Opera Crypto Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=93.0.4585.70 --initial-client-data=0x2d8,0x2d4,0x300,0x2dc,0x304,0x7ffc0f7c0ce8,0x7ffc0f7c0cf8,0x7ffc0f7c0d08


									"C:\Users\Qkhfnvvj\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\b315300cfad73524b966ac9e03e09683755b889a_0003629216" --version


									c:\users\user\downloads\393bf87bc3298fe6a831c8f5e86cddf94c768b04_0003428824 c:\users\user\downloads\393bf87bc3298fe6a831c8f5e86cddf94c768b04_0003428824 --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Enljdzma\AppData\Roaming\Opera Software\Opera Crypto Developer\Crash Reports" "--crash-count-file=C:\Users\Enljdzma\AppData\Roaming\Opera Software\Opera Crypto Developer\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=developer --annotation=plat=Win64 --annotation=prod=OperaDesktopCrypto --annotation=ver=88.0.4412.64 --initial-client-data=0x310,0x314,0x318,0x30c,0x31c,0x7ffc0f7cf550,0x7ffc0f7cf560,0x7ffc0f7cf570


									"C:\Users\Enljdzma\AppData\Local\Temp\.opera\Opera Crypto Installer Temp\393bf87bc3298fe6a831c8f5e86cddf94c768b04_0003428824" --version

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.ASC

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Agent.aypy

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen