Trojan.Agent.M

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,817
Threat Level: 80 % (High)
Infected Computers: 1,821
First Seen: July 24, 2009
Last Seen: March 6, 2026
OS(es) Affected: Windows

Aliases

10 security vendors flagged this file as malicious.

Antivirus Vendor Detection
TrendMicro PAK_Generic.001
Panda Generic Malware
McAfee-GW-Edition Riskware.Agent.EZ
K7AntiVirus Trojan.Win32.Malware.1
Ikarus Virus.Win32.Agent.YIC
eSafe Suspicious File
CAT-QuickHeal Trojan.Agent.irc
Avast Win32:Agent-YIC
AntiVir SPR/Agent.EZ
a-squared Virus.Win32.Agent.YIC!IK

Analysis Report

General information

Family Name: Trojan.Agent.M
Signature status: No Signature

Known Samples

MD5: 6d2f61b2fcca7ad49edb4dd4c150623e
SHA1: fff3961aff2ea64dd0f273051523abe6d42948ef
File Size: 22.53 KB, 22528 bytes
MD5: 03a8f69611d83066c6efe22b9043ec1f
SHA1: 3030c0e7f5aa0bce665f2de062559b30dd64717b
File Size: 5.97 MB, 5973096 bytes
MD5: d5aaaee651aa52c6d6b5527787817f9b
SHA1: bf7024e552756ff2645a0f5740640650db13ac8a
SHA256: 83B0C95EE4A387A34B17343282A79C9BD2BD7B88EA14A11F0B96186BB5043605
File Size: 20.99 KB, 20992 bytes
MD5: e237f8915909633fabdc200e9a278603
SHA1: 61837785f4bd118b7f39d0075beaf03ec6dded94
SHA256: 8BB024CBC9AB6E7615FC99F8F5FF94FF29C00C88F1BD8ABED92FDBBB2AD1DEC3
File Size: 8.52 MB, 8517632 bytes
MD5: 0f283bbd13e49de44dac713c374986fd
SHA1: 893da38584f3502b979aa0306a469b854098a4f6
SHA256: 63C111A6BBD84CEE51E25933B0E8266B4BB3392A7F4BB391E74CC5DC42457635
File Size: 21.50 KB, 21504 bytes
MD5: 0bd8f4c21714bb5891243960024af856
SHA1: a5dd8570c84a530d9c486b62fce680609f1c7bad
SHA256: 75FCDFC805AE4EBAA2D59B328E35A586056EC7B28621A43D4270FE4F5478D7FC
File Size: 20.99 KB, 20992 bytes
MD5: e8e9afc75b640bb86e41537006233de8
SHA1: 9dfe229887a2cd96458424526b4d679ac909f231
SHA256: 676987B7781938A0F91BFF613C7926DDA490833A3894AA713E970D380EE0280F
File Size: 22.53 KB, 22528 bytes
MD5: 0251cd642b48780cfab8531d1f306146
SHA1: d0b7d90ab9cdc1701ece21fd8e04fe0a9bad7cbc
SHA256: E7D1159D5157523CD21DFAE1F90461FEA6F8C7A24E889AA291B9D14E044BD375
File Size: 33.82 KB, 33824 bytes
MD5: fb872547f494bc20af01e9eadeb04516
SHA1: 48bfa2996267a3c69f0c059626af0185aabd54c0
SHA256: F36857D23FB8C84A37B12820C964C24D5882425637C4DE129E22D01249191322
File Size: 3.51 MB, 3505504 bytes
MD5: 03cfd9894b1dc8f8bf4ee9250679189d
SHA1: 5da364b9cf44701b7f65d9dc37cb0fab2d818382
SHA256: DFE8F1933D0993F7CF48A7C8343BF2B6EF24ADE66DF1267AA953725FB4ADAFCB
File Size: 246.08 KB, 246080 bytes
MD5: a668e44cf9c21418781b8bb36fd56a24
SHA1: bbeb9801763ce11b04a3912713671c7d2cf20c02
SHA256: 70F9597FE726F00A69383919F1D86C30001195D0C655640F94CBA9729E20C0AB
File Size: 21.50 KB, 21504 bytes
MD5: e1cb0cb58d331d93418b12af5763eab1
SHA1: d13ea12f26cbdc4888496cad4f18c36d35b6231f
SHA256: 1E947AC5AC3D19FF02354445C331931D8FB53C07ACA6FBD655B6FDBD8BDA25E3
File Size: 369.15 KB, 369152 bytes
MD5: 61af1f48854c4509b1874615cb5cd8f3
SHA1: 8b1565d24bad916c7309fb3423c420834f531d46
SHA256: 5570121E0743B754FA8E99B368FC3974E208E27C1971569B95058A74ACC35275
File Size: 1.21 MB, 1211392 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments This installation was built with InstallAware: http://www.installaware.com
Company Name
  • Advanced Micro Devices, Inc.
  • Sogou.com
  • Zebra Technologies
File Description
  • AMD Chipset Software
  • Zebra Setup Utilities Installation
  • 看图
File Version
  • 2024,10,26,40
  • 2.0.0.0
  • 1.1.9.1048
Internal Name
  • AMD Chipset Software
  • shell_ext_sdk
Legal Copyright
  • © 2012 ZIH Corp. All rights reserved.
  • ©2021 Advanced Micro Devices, Inc.
  • © 2024 Sogou.com Inc.All rights reserved.
Original Filename
  • Setup.exe
  • shell_ext_sdk.dll
Product Name
  • AMD Chipset Software
  • 看图
Product Version
  • 2.0.0.0
  • 1,0,0,40

Digital Signatures

Signer Root Status
Jernej Simončič COMODO RSA Code Signing CA Hash Mismatch
Jernej Simončič UTN-USERFirst-Object Hash Mismatch
Zebra Technologies VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch

File Traits

  • 2+ executable sections
  • big overlay
  • HighEntropy
  • Installer Version
  • No Version Info
  • x86

Block Information

Total Blocks: 525
Potentially Malicious Blocks: 10
Whitelisted Blocks: 402
Unknown Blocks: 113

Visual Map

? 0 0 ? ? 0 ? ? 0 ? 0 ? ? 0 0 0 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 ? ? 0 ? 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? 0 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? ? 0 0 0 ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 ? 0 0 ? ? ? 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 1 0 0 x 0 x x x 0 x x x x 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\ksgsdk\log\ksdkhelper.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\windrx.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute

Shell Command Execution

open
