Trojan.Agent.BKU
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 15,573 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 106 |
| First Seen: | January 7, 2023 |
| Last Seen: | February 23, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Agent.BKU |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
838ea4c3427c2840f5200e40459c5d44
SHA1:
87f2973441e76ac51a91d5ce054e7a8ba3ffae9d
File Size:
9.23 MB, 9232096 bytes
|
|
MD5:
eafc2fcd8417aeaf99d1c91f046b0058
SHA1:
373d2e8f3729d123ddce3df4093e71ac06175132
SHA256:
B56CC7F687E8A27B6192C5B063A0DA2308A1F97438A06CCDD66250B7B387C540
File Size:
9.23 MB, 9232096 bytes
|
|
MD5:
1956df991b39b6b25aa27c83c9dc2300
SHA1:
58bd08c5a88dd6af2f8f4d50477834050f339728
SHA256:
8435CA1C9B28F2B7564BA54B8C5CA60D7CBA8AC350C579842285379950B649E8
File Size:
4.19 MB, 4187904 bytes
|
|
MD5:
ff80b07a0dfd29e72acb3629c5f8b661
SHA1:
c4387ac61e6637958479e6a7c0bff1a45a30c705
SHA256:
BABEBFEE3B478FF470E5FAC8DDE8F8C320F9768E1BEF10F09A02BF2D1607CA0D
File Size:
4.24 MB, 4239616 bytes
|
|
MD5:
44c4f25bab0808abbd2ef733d4d38f73
SHA1:
d1cef4d910f2533712d64e04ca22a67c9a48a1a3
SHA256:
210BDC68552821D8207637AB12B481DEB41C454D0B961E70B4CC1C0BC038F8EF
File Size:
425.50 KB, 425504 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Original Filename | robot_demo..exe |
| Product Name |
|
| Product Version |
|
File Traits
- big overlay
- HighEntropy
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 143 |
|---|---|
| Potentially Malicious Blocks: | 9 |
| Whitelisted Blocks: | 124 |
| Unknown Blocks: | 10 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Agent.BKU
