Trojan.Agent.ME

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 14,229
Threat Level: 80 % (High)
Infected Computers: 4,216
First Seen: April 23, 2021
Last Seen: January 7, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.ME
Signature status: No Signature

Known Samples

MD5: 453aa1964df6e11797829aa415a030c3
SHA1: b88bc3da2fa57dfd82d2be100a40506076a821ae
SHA256: 1C67DFC6EDC578FDFFD14C5986ACBD61527F4AA907D233ACC4B3D677C73A68F2
File Size: 88.18 KB, 88179 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • Installer Manifest
  • nosig nsis
  • No Version Info
  • Nullsoft Installer
  • x86

Block Information

Total Blocks: 110
Potentially Malicious Blocks: 24
Whitelisted Blocks: 86
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 x 0 x x x x x 0 x 0 0 x 0 x 0 x x x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 1 1 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.ME

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bindquest.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mastercfg.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miniinpaint_sdcn.70747.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa861.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa861.tmp\killer.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa861.tmp\nsiscrypt.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa861.tmp\nsisdl.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • ReadProcessMemory
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • gethostbyname
  • inet_addr
  • socket
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
Other Suspicious
  • AdjustTokenPrivileges
