Trojan.Agent.LJ
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Agent.LJ |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
fddc73e3831a09eef5442952a64e74fc
SHA1:
7a4bbb1c3d16e3067aae74262653c6688ac87a1d
SHA256:
02ED7BC6F0AD2D3E0065A474160B4685B0B2C3C702FB4DE51430383EC91261CD
File Size:
29.18 KB, 29184 bytes
|
|
MD5:
82754e70c0d6c3c261e1f25efb3b5dc5
SHA1:
2cdc0df504c031fb769316df2a31ad44fe885901
SHA256:
7C36D524577DF24310A5E1AB6A8D8B45510A38FE496C7FF524411E1D6AC0C91B
File Size:
130.56 KB, 130560 bytes
|
|
MD5:
ea94dca67fe41d68c57db455cc5510bc
SHA1:
43456f5c5f5a4137d0ac55b391e73c77029289c2
SHA256:
353E431CC8F6F3F5A84C9CBA542A899DF5597AE38CACBC762EB7427238425FFF
File Size:
29.18 KB, 29184 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- 2+ executable sections
- big overlay
- No Version Info
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 45 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 44 |
| Unknown Blocks: | 0 |
Visual Map
x
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Agent.LJ
- Agent.LS
- Agent.LT
- Sillydl.A
