Trojan.Agent.MAA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,266
Threat Level: 80 % (High)
Infected Computers: 862
First Seen: January 16, 2013
Last Seen: April 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.MAA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Microsoft
File Version: 1.00
Internal Name: Win
Original Filename: Win.exe
Product Name: Win
Product Version: 1.00

File Traits

  • 2+ executable sections
  • CryptUnprotectData
  • No CryptProtectData
  • No Version Info
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 15,301
Potentially Malicious Blocks: 268
Whitelisted Blocks: 15,033
Unknown Blocks: 0

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft windows Synchronize,Write Attributes
c:\users\user\appdata\local\microsoft windows\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\default.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\microsoft windows\libeay32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\sqlite3.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\ssleay32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\taskwin.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\winprsv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::enableballoontips RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::kernel system "C:\Users\user\AppData\Local\Microsoft Windows\taskWin.exe" RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::enableballoontips RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::control network "C:\Users\user\AppData\Local\Microsoft Windows\winPrsv.exe" RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

open c:\users\user\downloads\default.exe
