Trojan.Agent.KFL

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.KFL
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • fptable
  • HighEntropy
  • No Version Info
  • VirtualQueryEx
  • x64

Block Information

Total Blocks: 595
Potentially Malicious Blocks: 13
Whitelisted Blocks: 577
Unknown Blocks: 5

Visual Map


Similar Families

  • Agent.ASC
  • Agent.ASE
  • Agent.AVA
  • Agent.AVBN
  • Agent.DFSM
  • Agent.GDSGA
  • Agent.IFRA
  • Agent.JOB
  • Agent.KFL
  • Agent.KFN
  • Agent.KFSF
  • Agent.KFSO
  • Agent.KPU
  • Agent.PSA
  • Agent.XRD
  • Agent.XSDA
  • Agent.XVI
  • BadIIS.GA
  • BadIIS.I
  • Dropper.Agent.GD
  • Filecoder.FR
  • GameHack.SD
  • KillAV.GA
  • Kryptik.GSF
  • Kryptik.KPE
  • Kryptik.KPO
  • LockScreen.RB
  • Nekark.L
  • Shellcode.AW
  • ShellcodeRunner.DK
  • ShellcodeRunner.KF
  • Trojan.Agent.Gen.ABM
  • Trojan.Agent.Gen.ADG
  • Trojan.Agent.Gen.AEF
  • Trojan.Agent.Gen.AFU
  • Trojan.Agent.Gen.BDG
  • Trojan.Agent.Gen.DZ
  • Trojan.Agent.Gen.EL
  • Trojan.Agent.Gen.GQ
  • Trojan.Agent.Gen.HO
  • Trojan.Agent.Gen.IG
  • Trojan.Agent.Gen.WA
  • Trojan.Kryptik.Gen.AVE
  • Trojan.Kryptik.Gen.DQV
  • Trojan.Kryptik.Gen.DQY
  • Zenloader.A

Registry Modifications

Key: HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001
Value: \device\harddiskvolume2\windows\system32\cmd.exe
Data: (unreadable in source)
API Name: RegNtPreCreateKey

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiComputeXformCoefficients
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW

85 additional items are not displayed above.

Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c cls
