Trojan.Agent.WA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 23,518
Threat Level: 80 % (High)
Infected Computers: 28,575
First Seen: May 18, 2021
Last Seen: April 21, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.WA
Signature status: No Signature

Known Samples

MD5: 95aa47d6ff86b3936265832c7fb4a018
SHA1: 6fa9045bd349fd33d7bf81a3210abbafade5ef9b
SHA256: 023EE46CC85A3BAC9D52A8E5968611C25326F8E4142B9213BFC06DDF9E9049B9
File Size: 6.23 MB, 6225002 bytes
MD5: 1311a7b321fb993849375cb7200e2297
SHA1: 0549fac55a12f38bb64297b7bce2343b97dcd05d
SHA256: BA8A3909EE9919AFDB63120706ACE9761144B25D73B79D753BFCF3C07E98A73C
File Size: 8.51 MB, 8506766 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Company Name: Igor Pavlov
File Description: 7z Setup SFX
File Version: 19.00
Internal Name: 7zS.sfx
Legal Copyright: Copyright (c) 1999-2018 Igor Pavlov
Original Filename: 7zS.sfx.exe
Product Name: 7-Zip
Product Version: 19.00

File Traits

  • big overlay
  • No Version Info
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0faae672_tue23ec0198e7.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0faae672_tue23ec0198e7.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0fb74aad_tue230bc57bef91.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0fb74aad_tue230bc57bef91.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0fc350a4_tue2370a2acc7.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0fc350a4_tue2370a2acc7.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0ff6ff62_tue23d0d1bcb76d.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd0ff6ff62_tue23d0d1bcb76d.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1011d0b6_tue23effbc5f006.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1011d0b6_tue23effbc5f006.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd103cdf78_tue237b7ce4.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd103cdf78_tue237b7ce4.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1048993e_tue230ba5a24.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1048993e_tue230ba5a24.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd106431e2_tue231c82d6.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd106431e2_tue231c82d6.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1076bec9_tue2327a47ab2.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd1076bec9_tue2327a47ab2.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd108656c5_tue236e55187fcd.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd108656c5_tue236e55187fcd.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd109005b6_tue23119930.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd109005b6_tue23119930.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd10aea45e_tue23ab3e56e464.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\624cd10aea45e_tue23ab3e56e464.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libcurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libcurl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libcurlpp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libcurlpp.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libgcc_s_dw2-1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libgcc_s_dw2-1.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libstdc++-6.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libstdc++-6.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libwinpthread-1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\libwinpthread-1.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\setup_install.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs88c4eeff\setup_install.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401aac0d5_60d1c7cc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401aac0d5_60d1c7cc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401b5cd92_7c9913856.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401b5cd92_7c9913856.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401ce77d1_cedfef3ff5.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401ce77d1_cedfef3ff5.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401db1daa_d14dfc21e3.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f401db1daa_d14dfc21e3.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402012b05_667e4d9882.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402012b05_667e4d9882.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4021411ca_8bf78ccb82.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4021411ca_8bf78ccb82.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402242451_80f3d9cded.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402242451_80f3d9cded.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402344a41_36a3af.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f402344a41_36a3af.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4023e143f_43fa684d.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4023e143f_43fa684d.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4025ca8cc_1439a382.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\629f4025ca8cc_1439a382.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libgcc_s_dw2-1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libgcc_s_dw2-1.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libstdc++-6.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libstdc++-6.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libwinpthread-1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\libwinpthread-1.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\setup_install.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc8bd065a\setup_install.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5351.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\setup_installer.exe Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (none) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 | (none) | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data, not rendered) | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn

94 additional items are not displayed above.

Process Terminate
  • TerminateProcess

Shell Command Execution

runas C:\Users\Iyorljji\AppData\Local\Temp\setup_installer.exe
(NULL) setup_install.exe
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Iyorljji\AppData\Local\Temp"
WriteConsole: The current dire
WriteConsole: '629f401aac0d5_6
WriteConsole: '629f401b5cd92_7
WriteConsole: '629f401ce77d1_c
WriteConsole: '629f401db1daa_d
WriteConsole: '629f402012b05_6
WriteConsole: '629f402242451_8
WriteConsole: '629f4021411ca_8
WriteConsole: '629f402344a41_3
WriteConsole: '629f4023e143f_4
WriteConsole: '629f4025ca8cc_1