Trojan.Agent.UIGA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 5,757
Threat Level: 80 % (High)
Infected Computers: 34
First Seen: February 4, 2026
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.UIGA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Alpha Urgent Dynamics
  • Axis Bridge Center
  • Blend Hardware Geo Group
  • ByteNode University
  • Deep & Leaf Club
  • Diamond Neural Company
  • Entry PLC
  • Fresh Micro & Sky Club
  • Gamma Fire Beta Solutions
  • Genius Apex Red Assets
  • Genius Unique Universe
  • GeoDoorUltra Coalition
  • Leaf Beat & Fuse Innovations
  • Monitor Universe
  • Neo Crown Connect Dynamics
  • Panelt6 Works
  • QuickStreamBio Alliance
  • Unite60 Telecommunications
File Description
  • Artisan Fork Array Conservation Runtime
  • Channel Augmented Support Creator Layer
  • Cornerstone Patch Signal Assurance Service
  • Customer Response Component
  • Exchange Distributed Extended Resolver Driver
  • Eye Boutique Converter Encoder
  • Frank Extension Flexible Refactorer
  • Frank Process Extension
  • Listener Cloud Technique Inspect Joiner
  • Open Cluster Supply Tool
  • Power Facade Backup Inspect Program
  • Progressing Search Timeline Restoration Extension
  • Protocol Capacitance Innovative Primary Provider
  • Spectrum Select Runtime
  • Stream Disruptive Subsystem
  • Support Volume Driver
  • Tiny Temperature Regulatory Producer
  • Tiny Video Learning Wrapper
File Version
  • 13.12.86.188
  • 12.13.15.764
  • 8.8.29.281
  • 8.1.26.27
  • 8.1.9.251
  • 6.1.29.114
  • 5.8.41.86
  • 5.3.5.169
  • 4.19.36.844
  • 4.12.40.51
  • 4.8.73.654
  • 4.2.9.45
  • 3.0.9.124
  • 2.15.32.788
  • 2.2.18.73
  • 2.2.8.79
  • 2.1.20.102
  • 1.6.2.89
Internal Name
  • apimodeldf
  • audiomediaf1d5
  • chrome_elf
  • cryptcertee30
  • host171
  • network_2922
  • pattern_memory
  • pipeline_split
  • plugin_18f269
  • protosync95a
  • record_recycl
  • settings_ce21
  • startup_00d0d
  • SysProvider
Legal Copyright
  • (C) 2021 - 2025 Blend Hardware Geo Group
  • (C) 2022 - 2025 Alpha Urgent Dynamics
  • (C) 2025 ByteNode University
  • (C) Copyright 2022 Unite60 Telecommunications
  • (C) Copyright 2025 Axis Bridge Center
  • (C) Copyright 2026 Fresh Micro & Sky Club
  • 2020 Monitor Universe. All Rights Reserved.
  • 2022 Panelt6 Works. All Rights Reserved.
  • 2023 Leaf Beat & Fuse Innovations. All Rights Reserved.
  • All Rights Reserved. Copyright 2020 Deep & Leaf Club
  • All Rights Reserved. Copyright 2020 Gamma Fire Beta Solutions
  • Copyright (C) 2013-2019 QuickStreamBio Alliance
  • Copyright 2014, 2022 Neo Crown Connect Dynamics
  • Copyright 2016, 2023 Diamond Neural Company
  • Copyright 2024 Entry PLC
  • Genius Apex Red Assets Copyright 2019-2023
  • Genius Unique Universe (C) 2024
  • GeoDoorUltra Coalition, Copyright 2018
Original Filename
  • apimodeldf
  • audiomediaf1d5
  • chrome_elf
  • cryptcertee30
  • host171
  • network_2922.dll
  • pattern_memory
  • pipeline_split
  • plugin_18f269
  • protosync95a
  • record_recycl
  • settings_ce21
  • startup_00d0d
  • SysProvider
Product Name
  • Async Banking Hold Packer
  • BandAmplitude Enhanced Builder
  • Clever Connect Oscillator Validator
  • EffectEngine Perceptive Sweeper
  • Essential Endpoint Verifier
  • Family Protocol SDK Slice
  • Maturing Debug Limiter Sender
  • Merged Unified Grid Assistant
  • Output Radio Finalizer
  • Path Excellence Highlighter
  • Power Essential Cutting Finalizer
  • Proton Inductance Perceptive Conductor
  • Radio Excellence Logistics Forwarder
  • Skew Humidity Timer
  • Soft Combiner
  • Storage Archival Interrupt Categorizer
  • Table Candid Chunk
  • Tree Workflow Regulator
Product Version
  • 16.2.90.906
  • 11.5.37.171
  • 11.4.14.229
  • 11.2.30.257
  • 9.9.63.980
  • 9.6.17.325
  • 9.2.18.294
  • 8.8.29.281
  • 8.4.17.282
  • 5.8.41.86
  • 4.19.36.844
  • 4.12.40.51
  • 4.8.73.654
  • 3.3.10.197
  • 3.0.9.124
  • 2.4.11.50
  • 2.1.3.36
  • 1.11.39.153

File Traits

  • big overlay
  • dll
  • HighEntropy
  • x64

Block Information

Total Blocks: 184
Potentially Malicious Blocks: 20
Whitelisted Blocks: 95
Unknown Blocks: 69

Similar Families

  • Agent.LPI
  • Agent.UIG
  • Agent.UIGA
  • Dropper.JOA
  • Dropper.JOB
  • Injector.SR
  • Trojan.Agent.Gen.AMX
  • Trojan.Agent.Gen.APP
  • Trojan.Agent.Gen.BPG
  • Trojan.Injector.Gen.FHZ
  • Trojan.Injector.Gen.FKE
  • Trojan.Injector.Gen.FND
  • Trojan.Kryptik.Gen.DBD
  • Trojan.Kryptik.Gen.DYP
  • Trojan.ShellcodeRunner.Gen.IT

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory

6 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • NtWriteVirtualMemory
  • ReadProcessMemory
