Trojan.Agent.KFO

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.KFO
Signature status:	No Signature

Known Samples

MD5: bdf80f82c6e4a00d35f24c68ab26f263

SHA1: a7728b832b13c2347006eb5f78048a07faecc334

SHA256: 3DC86D68EF70314FD915DC4F1F6C935FD6AE3117202B2F05E65AD63D1BF8BA51

File Size: 1.21 MB, 1207808 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File has TLS information
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
File Description	Discord Rich Presence Integration component for foobar2000
File Version	2.0.2
Internal Name	foo_discord_rich.dll
Legal Copyright	Copyright (C) 2018-2020 Yuri Shutenko
Original Filename	foo_discord_rich.dll
Product Name	Discord Rich Presence Integration
Product Version	2.0.2

File Traits

Block Information

Total Blocks:	3,952
Potentially Malicious Blocks:	25
Whitelisted Blocks:	3,572
Unknown Blocks:	355

Visual Map

0 ? ? 0 ? 0 ? ? ? ? 1 ? 0 0 ? 0 ? ? ? ? ? 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 x ? 0 0 ? 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 x ? ? 0 0 ? 0 ? 1 0 ? 0 0 ? 0 x 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 x 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 1 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 1 0 ? ? ? 0 0 0 0 x 0 0 ? 0 0 0 0 1 0 0 0 0 1 0 ? 1 ? 0 ? ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x 0 0 1 0 0 1 0 0 0 0 0 0 0 x 0 0 ? 1 ? 0 0 ? ? ? ? 0 0 ? 0 ? ? ? 0 0 0 ? 0 0 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? 0 ? ? ? 0 ? 0 ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? 0 0 x 0 0 0 0 x 0 0 0 0 ? 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 0 ? 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 0 ? 0 ? ? ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 ? 0 ? ? ? ? ? ? 0 0 ? 0 ? ? ? 0 ? 0 0 0 ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 ? 0 ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? 0 0 0 0 1 0 0 ? 0 ? 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? ? ? ? 0 ? 0 ? ? ? 0 0 0 ? ? 0 0 ? ? 0 0 1 ? ? ? 0 0 0 0 0 0 0 0 0 ? ? ? 1 0 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 1 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 0 ? 0 0 ? ? 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 ? 0 ? ? ? 0 ? 0 ? 0 0 ? ? 0 ? ? 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 2 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.KFO

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Submit Comment

Trending

Fake "SunPerp" Website

Virus.Bamital.V

Reloadsusa.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen