Trojan.Agent.FEA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	21,543
Threat Level:	80 % (High)
Infected Computers:	7

First Seen:	January 13, 2024
Last Seen:	February 5, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.FEA
Signature status:	No Signature

Known Samples

MD5: 2eaf87bf437925d13fc6596920d49819

SHA1: 0f7cfeeb356959d7336d15dcacbdd37eabb7333f

SHA256: F5848AC22A62541A4393C776D475F43B3FD5D9D6E007F93E505BDDB0C5FBCEE6

File Size: 2.98 MB, 2979410 bytes

MD5: bd8e4617cbb237672b304e60f2d855e2

SHA1: 5d2daff8864c047ef79bfcd9b878864caee71650

SHA256: FDD3395B8F205273C14668135612D5BCA6E47F54F81525B91EE7048152CC6EFF

File Size: 3.32 MB, 3320937 bytes

MD5: e8ae55976d3a8248a27be18b8347e430

SHA1: d9d811bd7beab7883dd58c9884c7b5e658bbddbc

SHA256: 1509E698C2ABB19AD734AE3FBCAAC7C0766B43897AD74E58E4F122261E1DF14D

File Size: 3.62 MB, 3619244 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	http://opencv.org/
Company Name	Kh_Team
File Description	Developed By Khaled Darweesh OpenCV module: High-level GUI
File Version	4.8.0 1.0
Internal Name	opencv_highgui480
Original Filename	opencv_highgui480.dll
Product Name	OpenCV library
Product Version	4.8.0

File Traits

big overlay
dll
No Version Info
x64

Block Information

Total Blocks:	16,090
Potentially Malicious Blocks:	2,465
Whitelisted Blocks:	13,293
Unknown Blocks:	332

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x x ? 0 0 0 ? ? ? 0 0 0 ? 0 ? ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 0 ? ? 0 0 0 ? 0 ? 0 ? ? ? 0 0 0 ? 0 ? 0 0 0 ? ? ? ? 0 ? 0 0 ? ? ? 0 0 0 ? ? 0 ? 0 0 0 0 ? 0 0 0 0 x 0 0 ? ? 0 0 0 ? 0 0 0 0 0 ? ? 0 ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? ? 0 x ? 0 ? 0 ? 0 ? ? 0 0 0 ? 0 ? 0 ? ? ? ? 0 0 0 0 0 ? 0 0 ? ? ? ? 0 0 0 0 x 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x x 0 0 0 x x x x x 0 0 0 0 x 0 0 0 x 0 x x x 0 0 x x x x 0 x x x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? 0 0 ? 0 0 ? x 0 0 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? x ? ? 0 0 ? 0 0 0 0 0 ? 0 0 0 ? ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? ? ? 0 0 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 0 0 ? 0 0 ? 0 0 0 ? ? ? ? x 0 0 0 0 0 0 ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? ? 0 0 ? 0 0 ? 0 ? ? 0 0 ? ? 0 0 0 ? ? ? 0 ? ? ? 0 x ? ? 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 x x ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 ? ? 0 ? ? 0 ? ? 0 0 ? 0 ? ? 0 ? ? 0 0 ? ? 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 ? ? 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x x 0 0 0 0 0 0 ? 0 0 ? 0 ? x ? 0 0 0 0 ? 0 0 0 0 ? x 0 ? ? 0 0 x ? ? ? ? 0 ? 0 0 0 ? ? 0 ? x 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 x x 0 ? ? 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 x 0 x 0 0 x 0 x 0 0 0 0 0 x 0 x 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 x x 0 0 0 0 0 0 x x 0 0 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.FEA
Keylogger.AIU

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꋁ桑⛙ǜ	RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.FEA

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Win32.Autoit.aks

Trojan.Gatak.A

WowCoupon

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...