Trojan.Agent.FGDY

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.FGDY
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • fptable
  • No Version Info
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 845
Potentially Malicious Blocks: 71
Whitelisted Blocks: 774
Unknown Blocks: 0

Similar Families

  • Agent.FGDY
  • GameHack.LKT
  • LockScreen.AG
  • Marte.CP
  • PSW.Discord.M

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
