Trojan.Agent.DFDO
Analysis Report
General information
| Family Name: | Trojan.Agent.DFDO |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
File Size:
95.23 KB, 95232 bytes
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | Steam Tools |
| File Description | Steam Account Switcher |
| File Version | 1.0.0.0 |
| Internal Name | SteamAccountSwitcher |
| Legal Copyright | Copyright (C) 2026 |
| Original Filename | SteamAccountSwitcher.exe |
| Product Name | Steam Account Switcher |
| Product Version | 1.0.0.0 |
File Traits
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 785 |
|---|---|
| Potentially Malicious Blocks: | 5 |
| Whitelisted Blocks: | 657 |
| Unknown Blocks: | 123 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |