Trojan.Agent.UGA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 18,986 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 178 |
| First Seen: | August 2, 2024 |
| Last Seen: | March 20, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Agent.UGA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- 2+ executable sections
- dll
- HighEntropy
- vmp section variant
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 466 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 459 |
| Unknown Blocks: | 7 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.AIZF
- Agent.ANH
- Agent.JFI
- Agent.KPG
- Agent.LGSA
- Agent.OFGI
- Farfli.PC
- Farfli.ZI
- Korplug.P
- Kryptik.CBXA
- Kryptik.CBXB
- Stealer.FPE
- Trojan.Kryptik.Gen.COR
- Trojan.Kryptik.Gen.DGK
- Trojan.ShellcodeRunner.Gen.LT
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Anti Debug | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\232be06781b55b544938272cd869d5b4fcad56d2_0000531456.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f811335e801e760d37a843b3b8ce4cd6943ba2fe_0000486912.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1e31f6e37640791c993a2a686d0bf4364c0404a5_0000540672.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8245a0ae04ba7510a27cca43a4a3d1160f642e4f_0000472576.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0cb79dde2304591611937a142a402a622f3c221d_0000529408.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2396b644577fcf933b03bb0af0bb41ba2bd9927d_0000518656.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d75d165a69257caf21ab8384767b91a3e524fceb_0000527872.,LiQMAxHB