Trojan.Agent.DSS

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.DSS
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 21eb255ab06f1b5baf22d3d474ee4ee5
SHA1: 5ad3d8bb2f6d72766da1e8142c41a1b4d223e616
File Size: 7.66 MB, 7657984 bytes
MD5: 22748214a2f493a16411fca1b30b93c0
SHA1: feb638e6fae77c1255f2a11bf13fd68ee5741359
SHA256: 91E9D4F5608417604E2C1A897EC1AAB0369DC0F791883CDD566D7B5177E12051
File Size: 9.37 MB, 9370624 bytes
MD5: 69348f68bbeab9716449ae7c443736df
SHA1: db5c7f4c5a3ba9120983288405ed4da5929ae248
SHA256: CE07A6D9BCB0E60703DE86C053961279A3C05EC42CEFEC75BEB941DF69DFE460
File Size: 8.86 MB, 8864687 bytes
MD5: 186df1186d39914862bab6758763f273
SHA1: 73d935a5f2329e9e35992c0ece14ab18af1b7501
SHA256: 343D8DC211FD8C581BE882706896E56993776186C3ADD92E525E1C3A4F3693D0
File Size: 6.79 MB, 6794752 bytes
MD5: 7ffd579e708a6a8be0328c9da9930e9e
SHA1: 54c06312b964917a19083220d53c174e95c295bc
SHA256: 19D5203A441D2116F89F1342D0150A99F36D4D066F810CC130B3535F5FB4FC95
File Size: 4.11 MB, 4108800 bytes
MD5: e5394c14d8c4b2500e886543202e021e
SHA1: e45db5907c96e0826e64425ea78990702fa49843
SHA256: 9633546ECE8F4708B43F477FBE614DD256CFE84F5C8B7482680C1D66ED811B29
File Size: 9.86 MB, 9855832 bytes
MD5: 9b9d35b4f7839a7f982f3f5fdc7e6b3d
SHA1: 1ddf87c0c88ec3dc1cd2399d9c26a16872c1ba83
SHA256: DA657DC130E83332C349C8EC1CE9229018376B7A687A62FB633C87B4BACD5885
File Size: 5.80 MB, 5804032 bytes
MD5: 7ce7334dfbea424a4a083cded28261d4
SHA1: b88774eac4715e7314b67911712cdbd4a6d7d0e0
SHA256: ABA5C3E945F1CCB53035B2CC1A67918C9A1FAC1022FC4C69002B4F0DDC77A5F7
File Size: 4.11 MB, 4113920 bytes
MD5: 3a78c9e4d0f38a134cadd279c31c91da
SHA1: c738012740c23533d38e89f7ec88323943b6a5e1
SHA256: 7705BE593BA309E60BD41011D323C7FD2FF078816BA14B9171B0750AF8700407
File Size: 6.70 MB, 6697984 bytes
MD5: 69b988603f45f341c6903299513899e6
SHA1: e65e7929cbeed5a07422eea3d86be683dfd6a18f
SHA256: 55D1068A99AD7880930C0B066FB77F94A6C212FD7E8A42C83496539F15896E44
File Size: 7.44 MB, 7444480 bytes
MD5: 4d82d70ec5e797469a96dadb8a439ec9
SHA1: e228c7c853b114d1c912d6d35431dc99cc63c19b
SHA256: 721098A936BA0666489B35693B4C3A3C69F512353D7DD567F0D3F62E5F87366C
File Size: 5.60 MB, 5604864 bytes
MD5: da1c6bcc88835e45000fc2aa0bdad090
SHA1: 2e1ed98474dcf1316d9d1c9c5279baa05cd633b2
SHA256: 8CA5F24D71AB5FBAE39488C74E58AE9EEEEB102B24B4F257F14BBFB955D78609
File Size: 3.28 MB, 3281408 bytes
MD5: 9b5c4a4f61efb142363915aa7211d551
SHA1: aa53dc5fa387e50b38f3557c67394d3984eba7d4
SHA256: EF378655170E3BB7682FD75D859EAC76F14BB008D79191AAA4205149CA45A3DC
File Size: 7.01 MB, 7007744 bytes
MD5: c4d5223f2785b7cb7544d430fcfeed01
SHA1: 30b78375b16ffc0effb0ec872e5aff9b3599af9a
SHA256: 96E81009132DE154AEC4E522658DB965580D39731D1C2FF93E48FCE20BC00630
File Size: 2.92 MB, 2919936 bytes
MD5: ed919957c7aa8680971ca38b0f75f62c
SHA1: 3d89b869e4b70f4b38c9b832c3160e3bb9759716
SHA256: 69659CD7C4EF897ED0F75498132C721470A6E0CBD736F9D57606426A43D632CE
File Size: 5.61 MB, 5605888 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • 2018001
  • This installation was built with Inno Setup.
Company Name
  • AssinaNFeA3 - Emissão de notas fiscais v1.2.5, Inc.
  • Gera3 Sistemas
  • GRDJ Informática - Sistema Frest
  • Max Scalla Informática Ltda
  • Overcom Sistemas
File Description
  • AssinaNFeA3 Setup
  • Atualiza_Tabela_IBPT
  • Balanca
  • ConsultaCNPJ
  • MaxFIS
  • QuickTouch
File Version
  • 2022.0.0.2
  • 21.4.1.1
  • 15.0.0.0
  • 4.7.0.0
  • 4.0.37.0
  • 1.4.2.201
  • 1.0.0.0
Internal Name
  • IBP
  • MaxFIS
Legal Copyright
  • © 2017 by SoftDigi company. All rights reserved.
Original Filename
  • Atualiza Tabela IBPT
Product Name
  • AssinaNFeA3
  • Atualiza_Tabela_IBPT
  • Balanca
  • ConsultaCNPJ
  • MaxFIS
  • QuickTouch
  • SoftDigi Easy GIF
Product Version
  • 21.4.1.1
  • 15.0.0.0
  • 4.6.0.0
  • 4.0.37.0
  • 1.2.5
  • 1.0.0.0
Program ID
  • com.embarcadero.
  • com.embarcadero.Atualiza_Tabela_IBPT
  • com.embarcadero.Balanca
  • com.embarcadero.ConsultaCNPJ
  • com.embarcadero.MaxFIS
  • com.embarcadero.QuickTouch

Digital Signatures

Signer: FIRE SISTEMAS
Root: FIRE SISTEMAS
Status: Self Signed

File Traits

  • .adata
  • .aspack
  • 2+ executable sections
  • ASPack v2.12
  • HighEntropy
  • packed
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 37,576
Potentially Malicious Blocks: 448
Whitelisted Blocks: 32,405
Unknown Blocks: 4,723

Visual Map

[Block map not reproduced: a per-block grid of 37,576 entries, truncated on the page. Most blocks are marked 0, with a small number marked 1 or x.]

Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DSS
  • Banload.XH
  • Banload.XJ
  • Casbaneiro.A
  • Danabot.DI
  • Delf.OF
  • Gamehack.ODB
  • Injector.JDA
  • Injector.XN
  • Ulise.BE
  • Vadokrist.B

Files Modified

File: c:\users\user\appdata\local\temp\is-83o4l.tmp\_isetup\_setup64.tmp
Attributes: Generic Read, Write Data, Write Attributes, Write Extended, Append Data

File: c:\users\user\appdata\local\temp\is-phlk7.tmp\db5c7f4c5a3ba9120983288405ed4da5929ae248_0008864687.tmp
Attributes: Generic Write, Read Attributes

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Keyboard Access
  • GetKeyState
Process Shell Execute
  • CreateProcess

Shell Command Execution

"C:\Users\Vnceliyl\AppData\Local\Temp\is-PHLK7.tmp\db5c7f4c5a3ba9120983288405ed4da5929ae248_0008864687.tmp" /SL5="$10272,8162602,721408,c:\users\user\downloads\db5c7f4c5a3ba9120983288405ed4da5929ae248_0008864687"