Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Agent.OFSP

Trojan.Agent.OFSP

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,444
Threat Level: 80 % (High)
Infected Computers: 45
First Seen: October 7, 2025
Last Seen: June 3, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.OFSP
Signature status: No Signature

Known Samples

MD5: e6ec400271c7f8676a90d9d253b94082
SHA1: bfe1abe961998a0924e625528bfd3559d6ffc357
SHA256: 0A2B7272C7A44927B0BDDB9A0E86EFB86711056A4554A7995B8A66B3A4760050
File Size: 45.06 KB, 45056 bytes
MD5: c0b9e3b0ecbb79fa5e5c5bc10e079e8e
SHA1: 4c53b21396b2027eaa4176ebe248b2435bb0e1b3
SHA256: 03979F1999A0CA5C6EA68FDC6674471755D8CB2C3171B020D0447B8369A40C0D
File Size: 45.06 KB, 45056 bytes
MD5: 113fa7277bfa79f75a0432c86170fe9d
SHA1: 3ab93ea99d0aa81e2a474feac40956e297236606
SHA256: 83E964956E25A81FD36DC6DB682ECA89F503A36EFB91CE242B2A2B8DD29011DA
File Size: 53.25 KB, 53248 bytes
MD5: 9422d5a3fee584ad66e7d447bf6a989b
SHA1: 1264b0ba62b9fa8e974fd0d9a818f42c97895174
SHA256: D20E0281F0447CCDF4FE1BCA168E3FD80E80718916A7B6DEEE1F5413D117A678
File Size: 53.25 KB, 53248 bytes
MD5: f22f760950a9fcfa73f99458bc2d8990
SHA1: 7c097570523a5372851f39fe2a84df776ec3b1f9
SHA256: B549A589CDC8E1C5371DDB521B3A27B39C4859EB209BA322E38D3C0DD3C756AE
File Size: 53.25 KB, 53248 bytes
Show More
MD5: cc7091849802382f27e274d3c304dae4
SHA1: c48f5595c4ee5d56efed224ad84877d2360adb66
SHA256: AE89FA39CCDC450E8615CF6D4604C08BDC33F24289D56FF3592D941B15FDCD50
File Size: 48.64 KB, 48640 bytes
MD5: 5bc549f1dcceb735503c519cf2769b5a
SHA1: 11c09b66084d7e14a1384ddec054ce209accd848
SHA256: 5F40ECD0E4C27E9C2F472076D3C5359AFEF8DE639612230F41947051FDED1CF2
File Size: 53.25 KB, 53248 bytes
MD5: 5c5ced5cc2d6bb90096b2d63f27d6197
SHA1: b103b2a13a65c86dceecae5b20a6cfeaa3aac13f
SHA256: FEE0FD2F8575C5BC1040CA8693987E9F9FFC052751F258DE397D5E8545CAA12B
File Size: 53.25 KB, 53248 bytes
MD5: b6034d2ef638a5901958f43e213dda5a
SHA1: 0736302eca8195d420a538968d58e1ffef9ff670
SHA256: 09461F73A90DE8B7CF195F564513714859A85D0BF9890E9ECEA31655456EC37C
File Size: 53.25 KB, 53248 bytes
MD5: 4219ddd076f0b758596dd737ae8ab775
SHA1: ade77ce735edb86bf03b1c9c7d83b9afb449422c
SHA256: 577F44BDF75E091BD7AF261C806991577D36EB990BF6D75444BD1F11311E00C9
File Size: 53.25 KB, 53248 bytes
MD5: 52a2e9fec605971dbcfd37ed7f5f0139
SHA1: 0d1d9d766d4620f41ffc0dd1895bb594c91e8c29
SHA256: 7DD17579BFF2882989EBC51E34FADF628E01D54C87D6E992E63CBE505502C9B0
File Size: 53.25 KB, 53248 bytes
MD5: b323b7209b34cc57d43e156f24c7c4bc
SHA1: 786523f3240cb1a93511dffe8f30839b8ef3b9fa
SHA256: 94529B6F2B2B21D39142FE76714E8BF9EAD172F8F191CA69F59CA9DE643439EE
File Size: 53.25 KB, 53248 bytes
MD5: f85ab95c4dc4b6079f163e4c85df6eff
SHA1: c235c651aadb0ac5ed5b2a1b430b44e6c951a202
SHA256: BA6ED3F425256B24FB852C4AF564ED43C8CA97DD3F81F09DC9C52F4B687D5ED6
File Size: 53.25 KB, 53248 bytes
MD5: 2cc47a83c38c14aa5d2db472c187ddb5
SHA1: 3edc273ae815304599aa629551b3abd4fd764c8a
SHA256: 1D8B0B5D944311F1E3A6C3F62831964782F5FA9539CD839BFE46D2600010D52F
File Size: 53.25 KB, 53248 bytes
MD5: 304e6a25cd77ed9afe3e7eb9c806fbcc
SHA1: 763bd89b11369b8c5458ff7a464d4b18cbc95369
SHA256: F503C712F8FB1663B27E6CB5C73AC5F39E5ECEAAE2759861C537D403ED7AAC63
File Size: 53.25 KB, 53248 bytes
MD5: a6ddfbafc62950ee0ad6350623a488a5
SHA1: 22d78ecfcdaa30020e65e5ac4340fca2ddc7f567
SHA256: DCF68E6D98A43E2314EB244DB7B258C804EA69CA331959886283948D63478B69
File Size: 53.25 KB, 53248 bytes
MD5: 5c36dd41f9384fb18d870220d0ddc54f
SHA1: 7d0e5b1623e705530e8688f0c05b95fe340b70f1
SHA256: 23DF0267359C51A104A855C154727E06F42D46D59C90F53E57C24AA12C629081
File Size: 53.25 KB, 53248 bytes
MD5: 6ee159d0b476f697ad400435a4f6e53e
SHA1: 822bbc1747bb9203b5d89d60d791b61da7104a4d
SHA256: EFC30514355499445AFC4757ED5631C9E0A089EC723519D27998DD09EABAF19A
File Size: 53.25 KB, 53248 bytes
MD5: b70a498c0e7e2eb9b54c76ec1b903dd3
SHA1: d2ba636cdbcf56329d856ba2691f4cf5196259b9
SHA256: 07003C1E31A315CA113C5D10A25DBD8318D1515986684908AF01F2AF936434EC
File Size: 53.25 KB, 53248 bytes
MD5: fe3efc3da5d3d7707b3ad48bf28a31c7
SHA1: cdd190723fb5d55de87216d83022f2b245758e57
SHA256: AAF06E134BEFA03B4F89B9E33EC8057EB652CBAD5589F0847CF699CF22E88DAA
File Size: 53.25 KB, 53248 bytes
MD5: 231d315fcfd018bdbd76ad3365f678a1
SHA1: 4d434c1d14354462cbd1cc30f1724aa730d4e61b
SHA256: 61BEDC8A437316D8CFD04A213536C13470108546458940A1F1A6CC51AB720988
File Size: 53.25 KB, 53248 bytes
MD5: 9a208db776455213a21277ebef6e2509
SHA1: faad07c4dd1945fad68718df4fde458c1303d100
SHA256: 4F60FCEDA1EC9845CACA2166CF26DF4B95256A8AF99747C914653FC6A20A9F6D
File Size: 53.25 KB, 53248 bytes
MD5: 5fd99dd282a24627534c1a22d4934551
SHA1: d294012be07430d2003698294c088057cdc75ea7
SHA256: 88C122487EDCC8EB6E17FC7EAE871DF01C2178B00428F0A00E2E73DBAB36B690
File Size: 53.25 KB, 53248 bytes
MD5: 3147d4917ccbc4ddfe005ea69e7a5f47
SHA1: cde8e3d9e28ebb731c84f37188fda57de8a51f69
SHA256: 2771743A7A25B31CF9DEF05A5EE728613E3BE511631BAE907B775AE88187ACC0
File Size: 60.93 KB, 60928 bytes
MD5: 433657d965d3e872f8c4159db70c9a97
SHA1: 4fc9de40f7d46f2d2b317b3742dd0175ee7333ee
SHA256: 57E2734D32D7D49A589155BDDC6B7B20BD878558E11E3E0205947C485875F80D
File Size: 60.93 KB, 60928 bytes
MD5: 50fd6ff0a81349f85d06117636b5cbb7
SHA1: 03d1483cdb58fa4cbb2049e1bdcfb5aae711223b
SHA256: A40AF0894F6DE8938CE6845725F3A7A6D6339688AD64772BDA2A5C57149BD1BE
File Size: 60.93 KB, 60928 bytes
MD5: 81cb8c93021e3cc1105664b871721b62
SHA1: 99276e7befe7670ae78498871e17a8bdcad677f8
SHA256: 993D8A445AB906F99D63E81D19542A1AF694D9591FD0CCD657B4561081F77200
File Size: 60.93 KB, 60928 bytes
MD5: 9a31d6150f446dc13b94fdb649e8227e
SHA1: 671b5ed2709b69cb7a69e5e8c2d0823694e32814
SHA256: 896D27AC2579561179EE6AB43023526372755011F121282DACFE0AE8AA90BA47
File Size: 60.93 KB, 60928 bytes
MD5: 025dbc9b056a2f9a111ea0aa4414b6ab
SHA1: c452453717d3f28b9c8bc19dea5b156d092a41ee
SHA256: C852F3DAEE37CD218B4F74BD8F732450543774A5303ACEC8AA27295CE352ACF0
File Size: 60.93 KB, 60928 bytes
MD5: 73dc0a903b1502c77570f921f974d753
SHA1: 1a968627a009c096410c24db6a1a9a07090b9d40
SHA256: A8A7FA8B6C5564A915745D466415FEA653B39293B356C6EA69812FAA4E1D75D8
File Size: 60.93 KB, 60928 bytes
MD5: dc70dd5ada608a49cbd9fa0fa2381b82
SHA1: a724f35c422e77aece26980f8e411c191d08d3cc
SHA256: D2797D9AAB9ED671B07CC4BDA0CCF3D5837AECE3BCD38B2BE42D6B84607041A1
File Size: 56.83 KB, 56832 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • x64

Block Information

Total Blocks: 116
Potentially Malicious Blocks: 9
Whitelisted Blocks: 107
Unknown Blocks: 0

Visual Map

0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x 0 0 x 0 0 x 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Trojan.Agent.Gen.CDC

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateToken
Show More
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Trending

Most Viewed

Loading...