Trojan.Agent.OIEA
Analysis Report
General information
| Family Name: | Trojan.Agent.OIEA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- HighEntropy
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 359 |
|---|---|
| Potentially Malicious Blocks: | 93 |
| Whitelisted Blocks: | 158 |
| Unknown Blocks: | 108 |
Visual Map
[Figure: visual map of the sample's blocks, each block marked with one of the symbols below]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.OIEA
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use |