Trojan.Agent.DFD
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,219 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 287 |
| First Seen: | March 22, 2024 |
| Last Seen: | November 10, 2025 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Agent.DFD |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| NVIDIA Corporation | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
File Traits
- 2+ executable sections
- dll
- HighEntropy
- VirtualAllocExNuma
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 7,893 |
|---|---|
| Potentially Malicious Blocks: | 438 |
| Whitelisted Blocks: | 7,308 |
| Unknown Blocks: | 147 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.DFCF
- Agent.DFCG
- Agent.DFD
- Agent.DFDN
- Agent.DFE
- Agent.DFF
- Agent.DFV
- Agent.DFZA
- Agent.DGC
- Agent.FGDS
- AgentTesla.PC
- Filecoder.XI
- Filecoder.XJ
- Kryptik.OIA
- Kryptik.OIB
- Kryptik.OIC
- Kryptik.YKAC
- Rugmi.E
- Rugmi.EA
- SnakeLogger.A
- Stealer.DOA
- XLoader.A
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |