Trojan.Agent.OFTA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 8,852
Threat Level: 80 % (High)
Infected Computers: 22
First Seen: June 10, 2025
Last Seen: May 30, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.OFTA
Signature status: No Signature

Known Samples

File Size: 7.21 MB, 7209984 bytes
File Size: 4.63 MB, 4627968 bytes
File Size: 2.75 MB, 2749952 bytes
File Size: 8.86 MB, 8855040 bytes
File Size: 9.88 MB, 9882112 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • H1-Mod
  • Thorin Corporation
File Description
  • H1-Mod
  • Patcher
File Version
  • 2.0.2.1254
  • 1.0.0.0
Info https://auroramod.dev
Internal Name
  • H1-Mod
  • Patcher
Legal Copyright Copyright © 2024 Aurora. All rights reserved.
Licence GPLv3
Original Filename
  • h1-mod.exe
  • Patcher.exe
Product Name
  • h1-mod
  • Patcher
Product Version
  • 2.0.2
  • 1.0.0.0

File Traits

  • 2+ executable sections
  • fptable
  • GetConsoleWindow
  • HighEntropy
  • No Version Info
  • ntdll
  • packed
  • x64

Block Information

Total Blocks: 14,560
Potentially Malicious Blocks: 102
Whitelisted Blocks: 8,851
Unknown Blocks: 5,607

Similar Families

  • Agent.OFTA
  • Gamehack.UDB

Files Modified

File Attributes
c:\users\user\downloads\serverconfig.toml Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䖔屑ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\image file execution options\f1f19274d9ee0eba87c2c65a423d6f99c0058217_0009882112::maxloaderthreads  RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::f1f19274d9ee0eba87c2c65a423d6f99c0058217_0009882112 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_gpu_rendering::f1f19274d9ee0eba87c2c65a423d6f99c0058217_0009882112  RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiOpenDCW
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserEnumDisplayMonitors
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDpiForMonitor
  • win32u.dll!NtUserGetHDevName
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterWindowMessage
  • win32u.dll!NtUserRemoveProp
  • win32u.dll!NtUserSetWindowFNID
  • win32u.dll!NtUserSetWindowLongPtr
  • win32u.dll!NtUserUnhookWindowsHookEx
  • win32u.dll!NtUserUnregisterClass
Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • WriteConsole
Network Winsock2
  • WSAStartup

Shell Command Execution

WriteConsole: Unhandled standa
