Trojan.Agent.DTD
Analysis Report
General information
| Family Name: | Trojan.Agent.DTD |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- fptable
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 917 |
|---|---|
| Potentially Malicious Blocks: | 61 |
| Whitelisted Blocks: | 806 |
| Unknown Blocks: | 50 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use |