Trojan.Agent.FGF

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.FGF
Signature status:	Root Not Trusted

Known Samples

MD5: 3e79fbbf801cea9ce071be39d4ccdb0c

SHA1: 8a6481b8c395eaf8db6c2b8f5e453bfc9326b4d6

SHA256: E9BE316E1F95633C50B895EAFE9E9844CFAEE0853FED412DD7750F60D90206D6

File Size: 7.33 MB, 7328352 bytes

MD5: f90290de716115eb2976c47bb3a75df5

SHA1: a748821dbdcbad95c96c383e7ff798d7a183c73d

SHA256: 95FFEEADC16833CEDF19650DC3061B630CD4B9B8087FB031A43E18A6FB86E4F8

File Size: 8.37 MB, 8372032 bytes

MD5: 2330935bce45c569234561b6e8015ff5

SHA1: 042ddff70ede54a89ef9b902acef1859cc8abca1

SHA256: 5FC3ED61D3F522255BF4F6A8F31C5A75A0DCD7F9D42081D8A7E04926EFCFA62E

File Size: 241.66 KB, 241664 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Build I D	2008051204
Comments	For additional details, visit PortableApps.com
Company Name	Mozilla Mozilla Foundation PortableApps.com
File Description	Firefox Firefox Software Updater Mozilla Firefox, Portable Edition (Test)
File Version	4.42 2.9.9.9 1.9
Internal Name	7zS.sfx Mozilla Firefox, Portable Edition (Test)
Legal Copyright	License: MPL 1.1/GPL 2.0/LGPL 2.1 Mozilla PortableApps.com and contributors
Legal Trademarks	Firefox is a Trademark of The Mozilla Foundation. PortableApps.com is a Trademark of Rare Ideas, LLC. Mozilla
Original Filename	7zS.sfx.exe Firefox_Portable_3.0_RC2_en-us.paf.exe updater.exe
Portable Apps.com Installer Version	0.9.9.0
Product Name	Firefox Mozilla Firefox, Portable Edition (Test)
Product Version	4.42 2.9.9.9 1.9

Digital Signatures

Signer	Root	Status
Rare Ideas, LLC	Rare Ideas, LLC	Self Signed
Mozilla Corporation	Thawte Premium Server CA	Root Not Trusted

File Traits

HighEntropy
x86

Block Information

Total Blocks:	461
Potentially Malicious Blocks:	21
Whitelisted Blocks:	440
Unknown Blocks:	0

Visual Map

0 0 0 0 x 0 x 0 0 0 0 x x x 0 0 x x 0 x x x x x x 0 x x 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 x 0 x 0 0 0 0 1 2 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\browserconfig.properties	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\browserconfig.properties	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\chrome	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\chrome\af.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\chrome\af.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\chrome\af.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\chrome\af.manifest	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\crashreporter-override.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\crashreporter-override.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\crashreporter.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\crashreporter.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\pref	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\pref\firefox-l10n.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\pref\firefox-l10n.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\bookmarks.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\bookmarks.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\chrome	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\chrome\userchrome-example.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\chrome\userchrome-example.css	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\chrome\usercontent-example.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\chrome\usercontent-example.css	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\localstore.rdf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\localstore.rdf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\mimetypes.rdf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\defaults\profile\mimetypes.rdf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\old-homepage-default.properties	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\old-homepage-default.properties	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\amazondotcom.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\amazondotcom.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\answers.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\answers.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\creativecommons.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\creativecommons.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\ebay.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\ebay.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\google.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\google.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\wikipedia-af.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\wikipedia-af.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\yahoo.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\searchplugins\yahoo.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\uninstall	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\uninstall\helper.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\uninstall\helper.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\updater.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\localized\updater.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\accessiblemarshal.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\accessiblemarshal.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\application.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\application.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\blocklist.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\blocklist.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\browser.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\browser.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\browser.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\browser.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\classic.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\classic.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\classic.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\classic.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\comm.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\comm.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\comm.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\comm.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\pippki.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\pippki.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\pippki.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\pippki.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\reporter.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\reporter.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\reporter.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\reporter.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\toolkit.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\toolkit.jar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\toolkit.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\chrome\toolkit.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\aboutrobots.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\aboutrobots.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\browser.xpt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\browser.xpt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\browserdirprovider.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\browserdirprovider.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\brwsrcmp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\brwsrcmp.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedconverter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedconverter.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedprocessor.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedprocessor.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedwriter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\feedwriter.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\fuelapplication.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\fuelapplication.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\jsconsole-clhandler.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\jsconsole-clhandler.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsaddonrepository.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsaddonrepository.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsblocklistservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsblocklistservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsbrowsercontenthandler.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsbrowsercontenthandler.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsbrowserglue.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsbrowserglue.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nscontentdispatchchooser.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nscontentdispatchchooser.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nscontentprefservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nscontentprefservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsdefaultclh.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsdefaultclh.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsdownloadmanagerui.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsdownloadmanagerui.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsextensionmanager.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsextensionmanager.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nshandlerservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nshandlerservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nshelperappdlg.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nshelperappdlg.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nslivemarkservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nslivemarkservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nslogininfo.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nslogininfo.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsloginmanager.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsloginmanager.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsloginmanagerprompter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsloginmanagerprompter.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsmicrosummaryservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsmicrosummaryservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsplacestransactionsservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsplacestransactionsservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nspostupdatewin.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nspostupdatewin.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsproxyautoconfig.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsproxyautoconfig.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssafebrowsingapplication.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssafebrowsingapplication.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssearchservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssearchservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssearchsuggestions.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssearchsuggestions.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssessionstartup.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssessionstartup.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssessionstore.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssessionstore.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssetdefaultbrowser.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssetdefaultbrowser.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssidebar.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nssidebar.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nstaggingservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nstaggingservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nstrytoclose.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nstrytoclose.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsupdateservice.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsupdateservice.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlclassifierlib.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlclassifierlib.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlclassifierlistmanager.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlclassifierlistmanager.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlformatter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nsurlformatter.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nswebhandlerapp.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\nswebhandlerapp.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\pluginglue.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\pluginglue.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\storage-legacy.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\storage-legacy.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\txexsltregexfunctions.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\txexsltregexfunctions.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\webcontentconverter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\components\webcontentconverter.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter-override.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter-override.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\crashreporter.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\autoconfig	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\autoconfig\platform.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\autoconfig\platform.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\autoconfig\prefcalls.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\autoconfig\prefcalls.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\channel-prefs.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\channel-prefs.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\firefox-branding.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\firefox-branding.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\firefox.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\firefox.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\reporter.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs46aa.tmp\nonlocalized\defaults\pref\reporter.js	Synchronize,Write Attributes

218 additional files are not displayed above.

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation

Shell Command Execution


							.\setup.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.FGF

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Nextgeeker.com

Mr Beast Discord Scam

Bear Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen