Trojan.Agent.Gen.AUE
Analysis Report
General information
| Family Name: | Trojan.Agent.Gen.AUE |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have security information
- File has been packed
- File has exports table
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 50 |
|---|---|
| Potentially Malicious Blocks: | 6 |
| Whitelisted Blocks: | 44 |
| Unknown Blocks: | 0 |
Visual Map
x 0 0 0 0 x x x x 0 x 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- LockScreen.AG
- StrelaStealer.A
- StrelaStealer.B
- Trojan.Agent.Gen.AZD
- Trojan.Agent.Gen.BIA
- Trojan.Agent.Gen.BIK
- Trojan.Kryptik.Gen.DET
- Trojan.Kryptik.Gen.DQY
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\programdata\amdvirtualization\control.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prx7400.tmp\prx7400.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prx745b.tmp\prx745b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa17a.tmp\prxa17a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa207.tmp\prxa207.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa226.tmp\prxa226.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa265.tmp\prxa265.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa572.tmp\prxa572.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa582.tmp\prxa582.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxa69b.tmp\prxa69b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxb6b2.tmp\prxb6b2.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxb701.tmp\prxb701.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxb7ac.tmp\prxb7ac.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxb80a.tmp\prxb80a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\prxbfb5.tmp\prxbfb5.tmp | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |