Trojan.Agent.KGFA

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.KGFA
Signature status:	No Signature

Known Samples

MD5: 286d6f70404d743e412c93f093cdc6fd

SHA1: e837af78b9be11cac1d51d18155b882205bd383b

SHA256: F852B732E895AD567AE8852D11ED4E1652DAE9B242E91F71CB4F65ED02F724BA

File Size: 735.23 KB, 735232 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Gunther Gerben Boxhammer
File Description	Superstar Racing Installer
File Version	2.0.0.0
Internal Name	SSR
Legal Copyright	Copyright (C) 2018- Gunther-Gerben Boxhammer
Original Filename	Superstar Racing.exe
Product Name	Superstar Racing
Product Version	2.0.0.0

File Traits

HighEntropy
Installer Version
x86

Block Information

Total Blocks:	2,501
Potentially Malicious Blocks:	815
Whitelisted Blocks:	1,686
Unknown Blocks:	0

Visual Map

x x x x x x x x x x 0 x x x x x 0 0 x 0 0 x 0 0 0 0 x 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x 0 0 x 0 x 0 0 x 0 0 x x 0 0 0 0 0 0 0 x x x x x x x x 0 0 0 0 0 0 0 0 0 x x 0 0 x x x 0 0 x x x 0 x x x x 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 x x x x 0 x 0 x 0 x x x x 0 x 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 x 0 x x 0 x 0 x x 0 x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 x 0 x x x x 0 x x x x 0 0 x 0 x x x 0 0 x 0 x 0 0 0 x 0 0 x x x x 0 0 x x x x x x x x x x x x x 0 x x 0 0 x 0 x x 0 x x x x x x x x x x 0 0 0 x x 0 x x x 0 0 0 x x x x x x x x x x x 0 0 x 0 0 x 0 0 x x 0 0 x x 0 x x x 0 0 0 0 x 0 0 0 0 0 0 0 x x x x x x 0 0 x x 0 0 0 x x x x x 0 0 x x x x x x x x x 0 0 0 x x x x 0 x 0 x 0 x 0 x x x x x x x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x 0 x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 x x x x x x x 0 x x 0 0 x x x 0 x x 0 0 x x x x 0 x x x x x x x x 0 x x x x x x x x 0 0 0 0 0 0 x x 0 0 0 0 x x x x x x x x x x 0 0 0 x 0 0 0 0 0 x x x x x x x x x x x x x x x x x x 0 x x x 0 0 0 0 0 0 0 x 0 x 0 x x 0 0 x x x x x x 0 x x x x x 0 x x 0 x x 0 0 x x x x 0 x x x x x 0 x x x x x x x x x x x x x 0 x x x x x x 0 x x x x x x x 0 x x x 0 x x x x x 0 0 x x x x x x 0 x x x x x x x x x 0 x 0 x x x x x x x x x x x x x 0 x 0 0 x x x x x 0 x x 0 x 0 0 0 0 x 0 x x 0 x x 0 0 0 0 0 x x x x x 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 x 0 x x 0 x x x x 0 0 x x 0 x x x x x x x x x x x x 0 x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x x x x x x x 0 0 x x x x 0 x x x x x x 0 x x x x x x x 0 0 x x x x x x 0 x x x x x x 0 x x 0 x x 0 0 0 0 0 x x x 0 x 0 x x x x x x x x x x x x x 0 0 x x x x x x x x x x 0 x x x x 0 x x x x x x 0 x x x x x x x x x x x x x x 0 x x 0 0 0 x 0 0 0 x x 0 0 x x x x x x 0 x x x x x x x x 0 x x x 0 x x x x x 0 x 0 0 0 x x 0 x x x x x x x x x 0 x x x x x x x x x x x x x 0 x x x x x x x x 0 x 0 0 x x x 0 0 0 0 x x 0 x x x 0 x 0 x 0 x x x x x x x x 0 x x x 0 x 0 x x x x x x 0 x x x x 0 x x 0 x x x x x 0 x x x 0 0 x 0 x x x x 0 x x x x x 0 0 x 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 x 0 0 x x 0 x x x x x x x 0 x x x 0 x x x x x x x x x x x x 0 x x 0 x 0 0 0 0 0 0 0 x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 x x x x x x x x x x x x 0 0 x x 0 x x x x x x x x x x x x 0 x x x x x x x 0 x 0 x x x x x x x x x x x x x x x 0 0 x x x x x 0 x x x x x x x x x x x x x x x x x x x x 0 0 0 x x x 0 0 x 0 0 0 x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 3 1 1 1 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\downloads\installer.txt	Generic Write,Read Attributes

Windows API Usage

Category	API
Process Shell Execute	CreateProcess

Shell Command Execution


							Superstar Racing.exe (NULL)

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.KGFA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Mutcitic.co.in

Denetight.com

Virus.Bamital.V

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen