Trojan.Agent.CLAG
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,349 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 241 |
| First Seen: | January 22, 2024 |
| Last Seen: | April 21, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Agent.CLAG |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
24aa7e0c3975050615e60b105967dd58
SHA1:
ef8c821b39937544587b9f009068cc86ed000746
File Size:
4.00 MB, 3997386 bytes
|
|
MD5:
770e2aecc9b5b56faf84d677677b859b
SHA1:
3f5ed6d0b596ee936672e7e3b40dd40825c94355
File Size:
3.74 MB, 3742187 bytes
|
|
MD5:
d476a7033eaac9b7ed0c92702b4138ed
SHA1:
4e5136e5389bbd1d6324e27b70be0a05ca67dcbb
File Size:
3.94 MB, 3939510 bytes
|
|
MD5:
70a69c65df092cb8bd68ac8f7f10ab0b
SHA1:
580b7ab37eccaf37bcfd45569d19cbbf469f22c1
File Size:
3.85 MB, 3846127 bytes
|
|
MD5:
0cedc494cf8e43ec75a9028cf946b3e7
SHA1:
b26687b6542210f19c53687d0ba73d5109217484
File Size:
4.14 MB, 4136368 bytes
|
Show More
|
MD5:
52deae2d0b039f187e945ea947136294
SHA1:
11744edf933872cce0296d8ad4a7038ade0cac46
File Size:
4.96 MB, 4959662 bytes
|
|
MD5:
59314c4286b43f3a3592ca5fb8575a01
SHA1:
18d552f96c7353b378884011250ce755e38b32ff
File Size:
4.83 MB, 4828931 bytes
|
|
MD5:
102db2aaaa69da92da2fc7599b7e7151
SHA1:
5e00e6940169950e7e3f83e322bbd240067fa86e
File Size:
4.80 MB, 4798253 bytes
|
|
MD5:
da24991ae6e837426f6531082ac1493e
SHA1:
e5c31356cdba046b0d6efcfbeaeb16c3a754cf2b
File Size:
3.76 MB, 3764043 bytes
|
|
MD5:
b01ac6309f4a81e5ea92c17ae3eb52f7
SHA1:
dff42decef3fecbd4d95e24731d573ee188c3755
File Size:
4.34 MB, 4336245 bytes
|
|
MD5:
ff83fd5658b6f9d9a14e5bbb9b5bd267
SHA1:
0da934ae83db5793d7fb420179faa4a33cea4fb5
File Size:
4.21 MB, 4208620 bytes
|
|
MD5:
8ebe5f8ae7649d6a05e92ab1e9e6d240
SHA1:
4b6459fd07072cded20efb9b39a87198854f6830
File Size:
4.51 MB, 4508701 bytes
|
|
MD5:
97d23cc5f028c570d34612013557b97d
SHA1:
0eba882e3544ff6a71e1bf2f8d01cc965c356467
SHA256:
D840573AF7A54E5E2660A159185124A8E55E222F2ADBE73C2586CE3BDD0D3C87
File Size:
3.94 MB, 3936059 bytes
|
|
MD5:
8b5ca37b801c804deeeb1623933c78bf
SHA1:
4aa2d420847a80d1ac096d8089c1c20ad8279c87
SHA256:
AE7AA0D076D24528C3CAE823BF20E03289142F80FBB46C22C8FCA80434869120
File Size:
4.03 MB, 4030464 bytes
|
|
MD5:
89ac3d77bf57ec52dca39104337db142
SHA1:
8b715c11631c5f0902efeac5c9e066d6ed530dc7
SHA256:
1725F0A8DF71C407902A78284868AD5093317348F3A3ACD4BEF0143A4609087A
File Size:
4.28 MB, 4276027 bytes
|
|
MD5:
a16f5c2ecba0b6b920257007e803342d
SHA1:
86fbc89c6f7b60e2a3ec4bc71da0d32c6b6a8f11
SHA256:
23B8A0F02C7B315E40D2D8C1ADC86BFBA7D68253E42C3F12CE7BFE81849C5B22
File Size:
4.59 MB, 4593406 bytes
|
|
MD5:
2edd13b62c66499e2ec042e06871dde3
SHA1:
fb30bd44694fe5fa9e361668b5fb2023d8641fa4
SHA256:
D1B3EF1B4DD6EB0EBF5CEB1E1BC68E6442891DC4AB788385438B0771E1EFD677
File Size:
3.69 MB, 3687651 bytes
|
|
MD5:
cf571794730c9255de5bdbca96f89230
SHA1:
0a522252e3a21c30756908863dea0205b854ac23
SHA256:
925F6C9746EC85E909F017691B9FB5E142F440F6D55365899F43C086F1825AAD
File Size:
4.38 MB, 4378228 bytes
|
|
MD5:
482f95fc0b4f591e24373f505318989d
SHA1:
3a308a4863c722b76a4662a174a013f95f6fa681
SHA256:
050B7B5894DBC9B9D245899D039A67940180EAC63C0741EE6EB9AA2F483F5DEE
File Size:
4.25 MB, 4246903 bytes
|
|
MD5:
de1f7bfd6452d9f80abbaaf959190701
SHA1:
d268fae49f7a4583f1836558b35bd76b5c10d248
SHA256:
26CB4A5044C58DB55E27448185F27300DFFB29F8B66A7C0714A64500EBB64676
File Size:
4.15 MB, 4146583 bytes
|
|
MD5:
9314ed573d975f3fdc65606f5d760deb
SHA1:
48ae7023211d0ae1612887cd3bfdddbf974326c1
SHA256:
656D8E29D5C175A2727F0498D5E2205FB1616C24B03FC5400106D3BD85CDABE5
File Size:
3.78 MB, 3783437 bytes
|
|
MD5:
18e78f2187ccdcf1f904a7c6717037e8
SHA1:
74bf71a62f6173c04496bd9ff4105ec69bc68118
SHA256:
1E9C0DFD9FC73FB09E77EF27F9751B618CD8F325394811D59E164467F4C47904
File Size:
3.87 MB, 3865207 bytes
|
|
MD5:
10f9dff63939de5469fdc7f2c597766c
SHA1:
ada4cc1ee2037199dd1add1be9a1cc7cd17adb7b
SHA256:
759E8B4133FD548437F4EB995092ECA5A6D7EF369E1D16BD69B3101C7D62C96D
File Size:
4.01 MB, 4009703 bytes
|
|
MD5:
29028806846b2b9d46817d4d78d59a5d
SHA1:
71d83cb203b400f5c39650db68c035861802b188
SHA256:
FAF4B111DA202BBC27BDB6DFFAC3833038C72B504AACE555454EB9303490DBB2
File Size:
4.03 MB, 4031498 bytes
|
|
MD5:
3285ad1a3f58094c3f835c390cbe2fbf
SHA1:
f1e221a7dbb8591f50fc9c21adf1756d5b87f54f
SHA256:
D42257437E097DFDE158553F02D372313A74038D0760B7F7DB984B623BF57D8D
File Size:
3.92 MB, 3917954 bytes
|
|
MD5:
9d7c0ccdd05e8ca84eb653e5c0440006
SHA1:
a3f54f0f1e0dfd543d637d9fc3654943d07d519d
SHA256:
0BDCB8FF3B76FE927F5199BE257BCD6F63ECF1DAF01C30CCAF686DCAB9DDD22D
File Size:
3.65 MB, 3653619 bytes
|
|
MD5:
e8998eed3faac2f324fc298480ff546b
SHA1:
a225b9310a546cfbb99c9b5ccc02476e66c853ce
SHA256:
19088B036765F0E27AA53FDFFE44D46A6C5CB8617E44F33E0129CF8923D8AC21
File Size:
3.69 MB, 3691846 bytes
|
|
MD5:
c64e1951d75ca4b963c00f296adbfb9b
SHA1:
fbb5ba0c9b578869df896c7e5f74f83af608aa65
SHA256:
253E4F0D95A756D710BE8B0ADADB8547307B647AEC60ECFB33BE4711A6B4AA06
File Size:
4.42 MB, 4418427 bytes
|
|
MD5:
783468fc5e14edd5ce84817cadb12ee8
SHA1:
f4757d80d43c30391ac012aa8a44a034376e5179
SHA256:
EA760F31F9F57E1CE23913E649328B0CA95FF4B3F1C7F31C93D71ABC134A30D5
File Size:
4.76 MB, 4762520 bytes
|
|
MD5:
227feac5b58943e154c1a96f43a8cf39
SHA1:
8a1a28947fc3aa2c024d05be72f424454f0301f2
SHA256:
3376EC09552034893FD9F001653C22260B4285371B39605DD648EEF09FD65F2F
File Size:
4.23 MB, 4226306 bytes
|
|
MD5:
abd4e080d51602c21d0bc662b9965920
SHA1:
21019ceb54a8f1f07e3e463d0d3d0695f2087cee
SHA256:
6050CD7B61953ECEBC0F55843530B983DAD769154AECDBB4F010BA97B835278D
File Size:
4.25 MB, 4249507 bytes
|
|
MD5:
5620a6670620b48e764f3848bf74b26d
SHA1:
0d2130642b91c4db6c08449a8add2b95fb1d3e08
SHA256:
9EE05862B3A625DC3D36443F1CCB9F5ADD3D2E395EE5D966922EBDAD87CEDC18
File Size:
3.83 MB, 3825186 bytes
|
|
MD5:
a623d8522463ac13b989748e1235f8ea
SHA1:
93f49c6ce8ad2e244b229bfc2a12dea146b1339b
SHA256:
DD9587CA3C44FE6750E18064F21EA265F2CBDC8671D031EB0F7BA896495BB5A0
File Size:
3.67 MB, 3670698 bytes
|
|
MD5:
6d3780e342a0930cd37165a0f40bd220
SHA1:
810a1cc7ba8f301c1581d5f49916fd9057ef53ea
SHA256:
299DA58D5F9F091E8D5A9BB15E998A32EFBBCABAA578A3A38D7EB50F7204C098
File Size:
4.00 MB, 4001265 bytes
|
|
MD5:
428c6dbe4a9ed04b1b46c420fa3bade9
SHA1:
66359356453eb720c67445f60d6072ecacc60d12
SHA256:
9EFC7A32F3296F3C392D77E7F365197F83C1FD2DB22EA9A68F81DC7D75EC7C17
File Size:
3.83 MB, 3829604 bytes
|
|
MD5:
961918f4be8df627850c3c0516ea73ab
SHA1:
ffa56181f9761b335ba576b9f8e39ee175109248
SHA256:
B6517331B3EA177334B0AEF6E5FF3B69801FCF09A45CA4C2B8269AC48CC688E5
File Size:
3.74 MB, 3738477 bytes
|
|
MD5:
46249d347b8bdf24c2bb4279ec6a4a4f
SHA1:
e9544967733bfae4817059fe36f513ca8c3d5b3f
SHA256:
3699AE0DB91B251058F124FDE9A16FE9BEC73861F4E71A5997EE669C2E6C837B
File Size:
3.77 MB, 3771794 bytes
|
|
MD5:
329f23e5c69323e7b033356341b98b3e
SHA1:
8cf583957e3f02e38b9b44dbe9875b3cf03d4978
SHA256:
89C26D41396FF2B7F87076F070C35D4C1DC8780D84D51D7704F43C72DA1F9377
File Size:
3.98 MB, 3979913 bytes
|
|
MD5:
3d9b0704e5c9bf8e312a3b733d7cec36
SHA1:
927461bfac2982b9e1da3ec4a05feb7b75774f9b
SHA256:
571FA793C49BDCA61642ED03154746389589A13A4254D0361DF5D2A2B5B388FD
File Size:
3.67 MB, 3668234 bytes
|
|
MD5:
8a031cc250fba73d79dbaf95bae1f213
SHA1:
1f6192f61a565eb800a7bffd96abb97d3d9832fa
SHA256:
91C9B88324196C15968276023D36FA6E0055C818DAF9F5B8A0A7B0751682DF90
File Size:
3.68 MB, 3681872 bytes
|
|
MD5:
b1afd351171012a1848b7cc652787d08
SHA1:
a04d18037c6e6223f3725461ccb76b851278704f
SHA256:
C9D8A30A557FFC3C5249EC90FD4D8665E7CD95D157522BECDF9DF2F9339DE824
File Size:
3.82 MB, 3817146 bytes
|
|
MD5:
c017acbae49204f8b6a02ab0f3c8dc42
SHA1:
cf32f70b7605a799eae560b14d217bfb7da954d9
SHA256:
626ADE6004E7CB5B188259AC89DA40E958CC613BB06BE2E5467583DDCBB9C1F6
File Size:
3.67 MB, 3666109 bytes
|
|
MD5:
c740584ebfa0c6b54ad72b46258964b9
SHA1:
07f2c05bc83f8b48059f290e3bfd523625c5bb1a
SHA256:
5C7766E06482601810B45A8A606793A47B99D0F4C460A6939A193AB8CD9F492B
File Size:
3.72 MB, 3724115 bytes
|
|
MD5:
fb54deb393da0777e527d468a3393687
SHA1:
47d09f5d39b5c35ab81e43b6a9e299ce30c1ad54
SHA256:
6B0EE31568FE8E418F4A6105B29A870B21E4B97ED082C4E93ED859639571FCAB
File Size:
4.18 MB, 4177232 bytes
|
|
MD5:
fb934f20e550089fe49d03cf35b10d94
SHA1:
064dd97409c5154ddd2cf025faad7a8afd9d7329
SHA256:
EB60D6D0DF2F242DD2CCB14D4CFFCFFBFD325FE620296C04B472E6E987969D0B
File Size:
4.17 MB, 4167948 bytes
|
|
MD5:
3603c42a858929d6fe5e86adc215c01e
SHA1:
7886c036bccb3956c9a484191ba9715a65563de6
SHA256:
2A38D4F845E3C45E5D8A9895E30A2CC58DB8E8283B8C3D6764BB4DB94D3122E8
File Size:
3.85 MB, 3847279 bytes
|
|
MD5:
90858acb951f25dfda5605a13b7d3ef2
SHA1:
a0f5aa1486229d5cf927ff11e33798f17b20402a
SHA256:
A3FFAF7CA3E9E64A07058B4EBC27E9C39C852BA1BF352146E4D12E4BC9BA7FE7
File Size:
3.69 MB, 3687489 bytes
|
|
MD5:
0527cd32bc1129cbb974f9b488a541c2
SHA1:
817a5a45d8f21d1240ec3833ae909dcb3aae512a
SHA256:
93658EC3826DDE5C369BEA404B89D914006FE4652C02C190BC2FA6F2C4AB4923
File Size:
4.24 MB, 4235673 bytes
|
|
MD5:
225c968b60747e4052977e34069ff44c
SHA1:
19879449e358aaa558643621a0f5800a73bdbc2d
SHA256:
2805DC259A125B5B4A89421AAB5D1554F0F1178631D680D0738F91C14D241C01
File Size:
3.86 MB, 3861347 bytes
|
|
MD5:
3858109836627023038a3be99980f1f6
SHA1:
d1040e4d3d52c051c8df292e21508642ab13b337
SHA256:
FA45624B5F5E332DB3631AC65EC427B8D2BC23409EDF9D22B12AD50FEE0BDDE4
File Size:
4.34 MB, 4342173 bytes
|
|
MD5:
7e252689698ac25a906e5960ace28895
SHA1:
69fb10d7a4211c8c9b7527c54cf9cbaa453a0065
SHA256:
B1531E6EC4511ECC838BB37D191D18BC6822078D975BC10070273AE502A51D4B
File Size:
3.79 MB, 3788813 bytes
|
|
MD5:
dc93e9f84ef7e3d7e8af59bd167a26cd
SHA1:
6350d9e3aba4cc47a1736ea72b4b84dd14bd32fd
SHA256:
7BE057ABD922559AB2A74D9F328B4623CAC481D8C3BDC8CE33ADE8C145C2438B
File Size:
3.99 MB, 3989461 bytes
|
|
MD5:
fe5a80e880c1121de99c64ece1599e9d
SHA1:
c30704d9158d75a80395cda5795102c87a9f662c
SHA256:
B6A3BB8AF4697ACF82564B1DEF365148AB425857DAF2DED0242CF4F483FD22AE
File Size:
4.71 MB, 4708108 bytes
|
|
MD5:
860e3946c4a7eba8ebf0e55d5b23af22
SHA1:
4d2f2d346e51d581e0f6dd9ad25cd58f549d8e02
SHA256:
6CEA1E5DFF4583961E7CD8F52BC24A729B34ED40D8CDF3F934E0FC6AD30FD4F4
File Size:
4.24 MB, 4240784 bytes
|
|
MD5:
37897346b7f1447fe0d7bb254e198896
SHA1:
9a43f94591806a30f02fcc6448cccded56416633
SHA256:
5112E49C5D84DC6E7BA69B3508BCEDAB500736BE95B2E14A07FD7010CA27A4FD
File Size:
4.25 MB, 4251307 bytes
|
|
MD5:
b4a6736eada4158c385803d45dc04fd5
SHA1:
4ed18728f7a83881586e0d3cf223212643b8dac6
SHA256:
FEFA1ED41008C7BB10DD84CED6DCFA434DB85EED77CEAD5A724EBE8F2DD8CE7B
File Size:
4.27 MB, 4271565 bytes
|
|
MD5:
84714780b38ea4aa99494c87cffa45e5
SHA1:
0a33bacd1830b528f0e87fb83e5c9d54dc3e1db6
SHA256:
FBE5D948C0905C3D5CB7917EE009FAB3A7C4396558871FBB4E21EAED967623D2
File Size:
4.70 MB, 4695022 bytes
|
|
MD5:
48b93d92b6bc3fc39a15c0766cd02dcb
SHA1:
c544c148f78e4de2692141ffad31fcfba87dd5d1
SHA256:
8CC0D96526ED129A29FD4BD66C38DB23137F972B8D10896E341AC9FC1835F2F5
File Size:
4.07 MB, 4073403 bytes
|
|
MD5:
879582527f160d293ae88c9eec1b4f86
SHA1:
abfc212c338bf7238cb35545f741782cb333ac90
SHA256:
300AFD7166542A3F6921F8ADA0166ACFDD98D8C4F097D82A9AE7E4409C6D7BB6
File Size:
4.32 MB, 4322012 bytes
|
|
MD5:
a70c4b1d0ed576f818c9464f275c8e44
SHA1:
599cb0109b85e5e167be12ee808c54548515ec28
SHA256:
FD1C7777F6B5DC907C5642B12F2F02F32FDEF558FB84409CE8827270B7FF1CF6
File Size:
5.39 MB, 5385355 bytes
|
|
MD5:
21f248c4d9bb680fa41ee2ff8143b1d8
SHA1:
4b174ff69b59dc9976d0b356103807dd97ef2b3e
SHA256:
90A61367E22BB80AD0A5CC0DB55D7383A0441A1FE4F14D0162EB2322AF81A5B7
File Size:
3.73 MB, 3725322 bytes
|
|
MD5:
78d360c81f11a32f11fbe509d6a79aae
SHA1:
15331835c2ca92d02fccc9bccdcc3da2e756926e
SHA256:
B6E628B41BAFBA6A514BDFFB23EB2DCF7DDC57A83C0223B345E0DF44D5C9B021
File Size:
3.79 MB, 3788581 bytes
|
|
MD5:
071e645b6b0c27b2c64247074d42c2ef
SHA1:
a8d7f6e26c2038ba8fe5530ef714a6142d9493a8
SHA256:
B55BB248A91BC8CC29B77D480DC0D8FBE6986A060C153B4EB86987BAE6F610BF
File Size:
5.07 MB, 5071571 bytes
|
|
MD5:
af997f53372b82228f20ab943596d0e5
SHA1:
cda9ab1272c5ee8ed0ead98e180fc95f8bc83e19
SHA256:
5B51345D1BFD2EB1AFBEBA7D5532661092934D11C2847A66FC27D67C8523BBED
File Size:
5.56 MB, 5558263 bytes
|
|
MD5:
b632142f7dffa6c0baaa0d10402438c8
SHA1:
9b9668047089783930cc9e26e1ffaa2cc140d4be
SHA256:
304740EBDBB4B088ED6F137473265D787C4FB6085E775069FFBE7BEA04E79EC1
File Size:
4.16 MB, 4157362 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Show More
366 additional icons are not displayed above.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| File Version |
Show More
|
| Product Name | Backup Assist Library |
| Product Version |
Show More
|
File Traits
- 2+ executable sections
- HighEntropy
- imgui
- No Version Info
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 4,669 |
|---|---|
| Potentially Malicious Blocks: | 315 |
| Whitelisted Blocks: | 1,945 |
| Unknown Blocks: | 2,409 |
Visual Map
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
x
0
0
?
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
x
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
?
?
?
0
0
?
?
?
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
?
0
0
0
0
?
0
?
0
?
0
?
0
0
0
?
0
0
?
?
0
0
0
?
?
0
?
0
0
?
?
0
0
?
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
?
?
?
?
x
x
?
?
?
0
0
0
0
0
0
0
0
0
0
?
?
0
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
0
0
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
0
0
0
?
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
...
Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Agent.CLAG
- Kryptik.CLAU
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Keyboard Access |
|
| Service Control |
|
| Other Suspicious |
|
