Trojan.Agent.OR
Analysis Report
General information
| Family Name: | Trojan.Agent.OR |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
Attributes are reported across all known samples of the family, which is why mutually exclusive values (packed and not packed, console and GUI) can both appear.
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File has been packed
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | Tutti i diritti sono riservati, (TM) DVL & Inc. |
| Lingua | Italiano (Standard) |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- big overlay
- HighEntropy
- No Version Info
- packed
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 101 |
|---|---|
| Potentially Malicious Blocks: | 89 |
| Whitelisted Blocks: | 11 |
| Unknown Blocks: | 1 |
Visual Map
Block classification sequence for the 101 blocks, in order (grouped in tens for readability): `0?0xxx0xxx xxx0xx0xxx xxxx0x0xxx xxxxx0xxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxx0xxx xxxxxx0x0x x`
Legend:
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.OR
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\downloads\risulta.trc | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\risultati.txt | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |