
Trojan.Agent.POZ

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.POZ
Signature status: No Signature

Known Samples

MD5: 86bda6d0fbbc6f60b68bd42f88205212
SHA1: a8b7751054a07b76d1ce5ce45183af9f972b18e1
SHA256: 05AF5A29605A39751741B4F868202C921932D264F8CF6B68415135CF19E6F059
File Size: 37.89 KB, 37888 bytes
MD5: 22110415002414d69b9796bfba07ad6d
SHA1: b399d302b0f8ce9ee5d49c97b1bd8187e7e17e96
SHA256: 1F15CBC9458F3FBFAA5ED8F93E9E6D8E7A6B83779A374F15021AB359299E8C08
File Size: 153.60 KB, 153600 bytes
MD5: da87d67b03bd8816e0276c35b4d9f720
SHA1: 32065e84ccf792db5522bd38278508ad59497d07
SHA256: DD16D8F580634F2CB4BE8A62E3C9E5349458D8F50412AE4F7798B1A5CF16F4A6
File Size: 153.60 KB, 153600 bytes
MD5: f102960f65198442b3e6aedd3cef095e
SHA1: c654a091f3a7c340672d3ec078455f40d67cd17d
SHA256: B35C62FA07D534F117C9688660EAD33B3BAF5615B184A3C12D15550A4CD7DCA3
File Size: 39.42 KB, 39424 bytes
MD5: 6cfdd01a1d3e84dd6d048ff226ed5fe8
SHA1: 9a9d6091d8118e00da130a79f205e6a0fedbed88
SHA256: 147ED184AD10DE228555BB14FB95EC7A11E99A4D8CA9C1FFCCE144F4DA97BBC8
File Size: 154.11 KB, 154112 bytes
MD5: ff219cb12816654467c89df91aa93ef4
SHA1: 4da9d05adaa8c74ee057ae02740c189c43752a7f
SHA256: 6A593CA61FF165DF0FF8276CF0B82D533CB7A20700AABC1A8F3AC757C43CCEDF
File Size: 122.37 KB, 122368 bytes
MD5: 89502cb69d0e1493599d14572a24043c
SHA1: cd28366d8e2cc609c7ec5160bae3ff0d4d0231b3
SHA256: 32FB6D7A243617CFD768567F3AED34E4A8F6FC5AD1831D29369D69CF48868C00
File Size: 161.28 KB, 161280 bytes
MD5: 3adf4078b07c24b51d6c611ac7a8e4ba
SHA1: 0df3f08cd170990b8d6f12e7ac88b42c5dacbf78
SHA256: A409196F988E71B5D1CBA96714CFD9D260E122B2A5217C73601350BF04C3EC50
File Size: 152.58 KB, 152576 bytes
MD5: 89fbb16abb96f07db6a5b2a0fd62e856
SHA1: 862d4a06eacb360fb41d3451b56ab04665fb0f73
SHA256: 1FD5CD9FA8D4F47CC83DFFD3E6F4F3515FB97DDF0663FEFB0C7F5D702FD7C3D0
File Size: 153.09 KB, 153088 bytes
MD5: 7092157d4208b1c22dbf47b4abb9a07c
SHA1: e86489d01c728c5e214c9bdbea6e86da383ff107
SHA256: CC96D583CF14FE1BAC7ECA8BD8B24E1BC73AE88FD1A19E12991DADF70E0779E1
File Size: 734.00 KB, 734003 bytes
MD5: 19c3d3b962fef95044965fe8578ef313
SHA1: d2cd5d2920456576e6a50486d331fb80b503d1ee
SHA256: 462707A38051715164B3D5DBD940E77F788ACEBEC876BD0BC45EDE1081B7868B
File Size: 153.60 KB, 153600 bytes
MD5: 38f957c223e8891cb43e3697e887cc6e
SHA1: 380b779ebc3760b1dab47442a25d69773de0269e
SHA256: 7E8998A2A82324F67598964DE1312913370FE53024DA7D5A34516FC1A39F9BAC
File Size: 151.55 KB, 151552 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Company Name: Dendraspis
File Description: DoViSplit
File Version: 1.0.0.0
Internal Name: DoViSplit.exe
Legal Copyright: Copyright (C) 2025
Original Filename: DoViSplit.exe
Product Name: DoViSplit
Product Version: 1.0.0.0

File Traits

  • big overlay
  • dll
  • GetConsoleWindow
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 313
Potentially Malicious Blocks: 65
Whitelisted Blocks: 234
Unknown Blocks: 14

Visual Map

0 0 0 0 0 0 0 0 0 0 0 x x ? ? ? 0 x x ? x 0 x x x x x x x x x 0 x x x 0 0 x x ? ? x x 0 0 x x ? 0 0 0 0 0 x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x x ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 0 x 0 x ? x x x x x x x x x 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 x x 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? x x 0 0 x x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.HJT
  • Agent.PFRA

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\fontdrvhost.exe | Generic Write, Read Attributes
c:\users\user\downloads\level6_big_secret.rtf | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory | %windir%\tracing | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize | | RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory | %windir%\tracing | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetNlsSectionPtr
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl


Network Wininet
  • InternetOpen
  • InternetOpenUrl
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
