Trojan.Agent.OR

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.OR
Signature status: No Signature

Known Samples

MD5: 56746cb8a2d87c353d4244621170746a
SHA1: d484571c24e606ace1421d40a584e66d9607bbdf
SHA256: 8D5958720D650BC6D0E3533770D37EF91D53C66163E5149DC251ECFE57D4873C
File Size: 36.86 KB, 36864 bytes

MD5: 59d7b6c66aff4b4827b9d241b64e1dce
SHA1: 70f53c1291d1d1a739e5e8f8d5c3a9bec2737e9a
SHA256: AC98AEC25355BD40D22CC5930C5189E9A98C8E1D013DCE07A9AD81411EC15B2E
File Size: 20.99 KB, 20992 bytes

MD5: 20986973f143190e4798c4e316a9676b
SHA1: 653d0764c6dbc66ac917bf092fdef15f0e78e175
SHA256: BF33235079EDDFC3A0205912C08A1F7410434BFE613806B42887266DF0FB4736
File Size: 243.12 KB, 243115 bytes

MD5: 530f9fa7658fcb9f6de4d151d3b091ce
SHA1: 92795ea6e11420d2e5328e05f179d99ca0af3dfb
SHA256: 24F8163860D117F53CE79ECFDF44851C5820123157B8EE51E0C5EC5FC630FA38
File Size: 80.38 KB, 80384 bytes

MD5: aa550a71c8fa801255df2cf9f66635a4
SHA1: 309cd5f3dbed5d67181c1a99a266824a3b947059
SHA256: C9ED4CC70D75DDAD5273A7401745F24981066003ABBA11442B65932E76DFF898
File Size: 318.83 KB, 318834 bytes

MD5: 3a21f4d7039d68cc149729f6624734ca
SHA1: bf9046a31ef17fdff07dead531a7388d997eb589
SHA256: 49CD491EB4CC200AA0B145964758FF8539E7A321497912E6FFF6B540F689CCE2
File Size: 20.99 KB, 20992 bytes

MD5: 9757ef3c67f2a8b303bf7e855531b091
SHA1: 88570193c5f3a0470e4eeb76b20488cd038ef973
SHA256: 3B34E21D338149E8B58B444B618F81AEA9B2C60CD862D3D7809A674DEE192A4F
File Size: 28.16 KB, 28160 bytes

MD5: cd539547dc8acf5ae303ef200eddabbd
SHA1: 0772d814f568838827dbbaba691fbf8610d0adfc
SHA256: 4A3D1D7155EB9EB9E4E035369A565159019FF41AB8B51C720A800C6A72A20B05
File Size: 132.41 KB, 132415 bytes

MD5: 07151e00c06de3d90f9cf74554282002
SHA1: 0dd7edfad7157c555f7c063386e4fc898abf0752
SHA256: 3F050D87669ADBADC0B44F85742445A26BA731DE6C94BF9394B70456995C1C4E
File Size: 17.41 KB, 17408 bytes

MD5: 2bd41c7a940bd0720ae468028f9e3329
SHA1: 0b13850e46008f45fb27afa0a9ee597127cd39cf
SHA256: 65893AD2C2E138CBDC7FFDBE024199EC4F8069B7117C258F151D5FFA52297325
File Size: 1.42 MB, 1415295 bytes

MD5: fbd67ee05049919b925bd3f90a5e77be
SHA1: 46ff83bf7784f737132ab93171c954a5aff7a530
SHA256: 410B08F7AD9867117BC3BAE968BC07ACE8BDCF469D9A042C19E67E655863D0CB
File Size: 20.48 KB, 20480 bytes

MD5: 8a158f7d8f897978766c1fb886bef0a3
SHA1: e40447abc7753cd3f0f75dcf7de632c8214d17c1
SHA256: 37CF10A30D3AF5086F5B89AE41BD10191D233FF498AF0AE297F07B8C530E596E
File Size: 19.97 KB, 19968 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Developed by Desker ( Modify by Archeng )
  • Web : Http://web.interpuntonet.it/DVL/index.htm Email : dvr73@libero.it
Company Name
  • DVL & Inc.
  • Realtek Semiconductor Corp.
File Description
  • Calcolo TRAVE CONtinua
  • Driver Update for Windows x64 or x86_32
File Version
  • 2, 2, 0, 3
  • 1.00
  • 1.0.0.0
Internal Name
  • AlcUpd
  • TJprojMain
  • TRAVECON
Legal Copyright
  • Copyright (C) 2000-2005 Realtek Semiconductor Corp.
  • Copyright © 1999÷2002 by Luigi De Vivo
Legal Trademarks
  • Tutti i diritti sono riservati, (TM) DVL & Inc.
Lingua
  • Italiano (Standard)
Original Filename
  • AlcUpd.exe
  • TJprojMain.exe
  • Travecon.pp
Product Name
  • Calcolo Trave Continua con il metodo agli elementi finiti (FEM)
  • Project1
  • Realtek AC'97 Update driver Tool
Product Version
  • 2, 2, 0, 3
  • 1.00
  • 0.90 beta

File Traits

  • 2+ executable sections
  • big overlay
  • HighEntropy
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 101
Potentially Malicious Blocks: 89
Whitelisted Blocks: 11
Unknown Blocks: 1

Visual Map

0 ? 0 x x x 0 x x x x x x 0 x x 0 x x x x x x x 0 x 0 x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x 0 x 0 x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.OR

Files Modified

File Attributes
\device\namedpipe\gmdasllogger
  • Generic Write, Read Attributes
c:\users\user\downloads\risulta.trc
  • Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\downloads\risultati.txt
  • Generic Write, Read Attributes

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx