Trojan.Agent.XAE

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.XAE
Signature status:	No Signature

Known Samples

MD5: 8fc64c88bd066e675458d4ba733f6381

SHA1: ad0179e7d3fc10777badfb29a7c04cf10d579efd

SHA256: 8EB7BA93DB12605A463EA8D69AD2D46FC437BC0D8A1AE11667478F96A746DFDF

File Size: 713.13 KB, 713129 bytes

MD5: c1c6f93f4aa5f913b96c4d4f87a439ad

SHA1: e759b96ed9ec5a1c8cd2c0212d34c564b8b1bbc7

SHA256: 6385E91E68877F3E9ECA6F145306C205D0477B1A33C333521C0C32B385A46CB7

File Size: 8.10 MB, 8098076 bytes

MD5: 9925fa75894797a2c5c4515a20e9397b

SHA1: 8d49716e677f7c588cd696a2923007ab6b7f0620

SHA256: A876D95E270F522067EEBDCD993C52F189E76CAE14A444EC4A118C2442E91DD0

File Size: 648.84 KB, 648840 bytes

MD5: 20923e6bb906048c944418908cd76a8d

SHA1: 6dfce61915995859ae01e0e03444bffb635db144

SHA256: FD8393317F63684CDDE2D9CA3444535F14688AA898DE87A42B86F7E346DDE2B7

File Size: 221.20 KB, 221204 bytes

MD5: 35f31645d746422e69572a4142908e40

SHA1: 66d5963d0db6e17c36606a6cc5d2fc7c83d6206c

SHA256: 45BCACACC896330EC5B452434AFCD32CA621A527AFCC13F4FDC62F53F1CDBAE6

File Size: 9.58 MB, 9578640 bytes

MD5: f5ab334ba3230c855f4b3f18dc541970

SHA1: 3e6f69054ec2948e1e38ed5f1c03df7853e54594

SHA256: 071C3867F546810A0DD6116673719C74F581DC5FBD4E44BAB0EE65E62193E168

File Size: 818.56 KB, 818564 bytes

MD5: a96a60b15f6efecf2fdc0e81981f3135

SHA1: f1fbd6e118aad3e5b713dad3805e9eb9f0d4ffc1

SHA256: 96FCB2BC670DEE79D40090C8A587AF85C3C95EE02DCABE2E76CEB3EE11DC4ECD

File Size: 1.27 MB, 1271792 bytes

MD5: b94987830352c147100d5a23fbee23fa

SHA1: 556875501a436fdf638f5a77ea253dce609766e4

SHA256: 5512C91E2E0C2C6B4CFD6196F62B85355BE385C2765F16071B79FF96E7D0BECA

File Size: 5.26 MB, 5255918 bytes

MD5: 7cc139d9e82e0faa3a01ab9db3281c80

SHA1: 9271a93ab8797c534984ec670771e00877eeb69c

SHA256: DE9B377B90D6A86615504C40A54C27688C522708EB691AFD71BC0CD3DD778EB6

File Size: 219.39 KB, 219390 bytes

MD5: c752c12705efc0a116a7bd7de4bc1f1e

SHA1: cca63e5109c43a11507713d36ef21beec26eec8d

SHA256: 0AF63E17E7B86CAE7902C2893F7711562649144D57A82D2FDFCC8B3B95EAEF02

File Size: 222.44 KB, 222444 bytes

MD5: 01301b8b5b0095c5a0433a8f190c575c

SHA1: 7b07aa5ce5e64cae1c7bc21e5de8d99be93f4b58

SHA256: D96B1202E1358239FBF964D0A1DE128B4EEE7F3B63BE757A4E544C81F0308C7F

File Size: 221.82 KB, 221820 bytes

MD5: 99cf76c5b0c856a334e24d3a16f6dcc3

SHA1: dca473a27469cdf2859b1c1a58d84a7f16c27006

SHA256: 9D24C45DC1262CB6F1C346068AB921C37FAADFB980E7B5AC8425CC1E94EB1DDF

File Size: 217.60 KB, 217600 bytes

MD5: 010657b0b9995ac0581c0b67c02058c2

SHA1: 808133009f216fba6a61702d3315e46833179c2a

SHA256: B9C8FA991CC3D3E32CE189219EF205E5DF355E4BBDADC988ACD20B5D2C841887

File Size: 221.28 KB, 221283 bytes

MD5: 82882e743a421427a6f7ab065f2755ee

SHA1: 693e0779f16e590f274cb854f15303f1fa7edafd

SHA256: 929259E0D05DCA669913754D68BC687BE405F102AFDCF002EE354430AD7ECAD6

File Size: 366.11 KB, 366106 bytes

MD5: e6bcc88dfee60f43001b69c165a65fc0

SHA1: 4f2c656c04773aa32c21d75aa7f8e8046f3ff89e

SHA256: 6D5ADF10BB01986EA9301B89283FFCFC8AFD753312A886AE218AA7276A64B2C7

File Size: 2.95 MB, 2951039 bytes

MD5: 4e36b9c694aa69d483eb7d0e9a8e265c

SHA1: 2ec60fa6b77926749b4a6ee44a7caac210cfd665

SHA256: B7980AF55AAC423E5ED71F8B9A88FC19D7280EF5FC40D64C3110131284C0D220

File Size: 6.83 MB, 6832111 bytes

MD5: 44dfb70647190433f683812cb1401e38

SHA1: 4919d9e3f3627cbb9864b249d8ac8252e8e77754

SHA256: 62288400B6057204D485219E023F95D58A92D11AB0608F58E80276285492F01D

File Size: 3.72 MB, 3716985 bytes

MD5: d449257fc13d9652f39d32d9b3836de2

SHA1: 4d8a794b896958ebf8fb301a216b7e2a67a35b22

SHA256: B48EA86D0767CCE903E535D14C591190F344F8D04930E17133EDFBD487293E16

File Size: 3.99 MB, 3991840 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have relocations information
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

HighEntropy
Installer Manifest
No Version Info
RAR (In Overlay)
WRARSFX
x86

Block Information

Total Blocks:	843
Potentially Malicious Blocks:	0
Whitelisted Blocks:	843
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 1 1 0 0 0 0 0 0 0 0 1 1 1 0 1 0 1 0 1 0 0 1 0 0 0 2 0 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 1 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 1 0 0 1 0 1 0 0 2 2 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.XAE
HEUR.MSIL.Generic_274333
Malex.N
Wana Decrypt0r.A

Files Modified

File	Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\winrar	Synchronize,Write Attributes
c:\program files (x86)\winrar\__tmp_rar_sfx_access_check_3565328	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\winrar\rarreg.key	Generic Write,Read Attributes
c:\program files (x86)\winrar\rarreg.key	Synchronize,Write Attributes
c:\projetos	Synchronize,Write Attributes
c:\projetos\__tmp_rar_sfx_access_check_12276546	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\projetos\robt	Generic Write,Read Attributes
c:\projetos\robt	Synchronize,Write Attributes

c:\projetos\robt\data	Generic Write,Read Attributes
c:\projetos\robt\data	Synchronize,Write Attributes
c:\projetos\robt\data\robtsi12legs.xml	Generic Write,Read Attributes
c:\projetos\robt\data\robtsi12legs.xml	Synchronize,Write Attributes
c:\projetos\robt\locucoes	Generic Write,Read Attributes
c:\projetos\robt\locucoes	Synchronize,Write Attributes
c:\projetos\robt\locucoes\robtsi12	Generic Write,Read Attributes
c:\projetos\robt\locucoes\robtsi12	Synchronize,Write Attributes
c:\projetos\robt\locucoes\robtsi12\robtsi12015.mp3	Generic Write,Read Attributes
c:\projetos\robt\locucoes\robtsi12\robtsi12015.mp3	Synchronize,Write Attributes
c:\projetos\robt\version.txt	Generic Write,Read Attributes
c:\projetos\robt\version.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_32.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msi3aefe.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2146000	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_238718	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cdiresource	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\alertmail.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\alertmail.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\alertmail4.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\alertmail4.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\excanvas.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\excanvas.min.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\jquery.flot.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\jquery.flot.min.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\jquery.min.js	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\flot\jquery.min.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph.css	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph8.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\graph8.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\option.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\dialog\option.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\gadget	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\gadget\crystaldiskinfo.gadget	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\copying.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\copying.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\opusdec.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\opusdec.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\opus\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\dark	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\dark\theme.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\dark\theme.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\default	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\default\theme.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\default\theme.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\flatsquare	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\flatsquare\theme.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\flatsquare\theme.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\simplicity	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\simplicity\theme.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\cdiresource\themes\simplicity\theme.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo32.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo32.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo64.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\diskinfo64.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\installwnb.msi	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\installwnb.msi	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\copyright-ja.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\copyright-ja.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\copyright.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\copyright.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\nvmeinterpreter-license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\nvmeinterpreter-license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\polyhook_2_0-license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\polyhook_2_0-license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\slotspeedgetter-license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\slotspeedgetter-license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\win32-darkmode-license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\license\win32-darkmode-license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\01.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\01.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\03.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\03.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\04.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\04.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\05.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\05.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\07.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\07.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\09.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\09.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\0a.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\0a.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\0c.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\0c.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\b8.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\b8.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bb.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bb.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bc.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bc.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bd.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bd.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\be.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\be.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bf.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\bf.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c0.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c0.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c1.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c1.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c2.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c2.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c3.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c3.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c5.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c5.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c6.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c6.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c7.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\c7.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\currentpendingsectorcount.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\currentpendingsectorcount.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\poweroncount.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\poweroncount.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\poweronhours.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\poweronhours.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\reallocatedsectorscount.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\reallocatedsectorscount.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\smart.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\smart.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\temperature.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\temperature.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\uncorrectablesectorcount.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\em200ab000s1s04fak\uncorrectablesectorcount.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\01.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\01.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\05.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\05.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\09.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\09.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\0c.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\0c.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a1.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a1.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a2.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a2.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a3.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a3.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a4.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a4.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a6.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a6.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a7.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a7.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a8.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a8.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a9.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\a9.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ab.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ab.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ac.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ac.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ae.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ae.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\af.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\af.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\b5.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\b5.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\bb.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\bb.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c2.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c2.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c3.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c3.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c4.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c4.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c7.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\c7.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ce.csv	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\ce.csv	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\smart\netac ssd 240gbaa000032567777774367\cf.csv	Generic Write,Read Attributes

578 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\winrar sfx::c%%windows%system32%drivers%etc	C:\Windows\System32\drivers\etc	RegNtPreCreateKey
HKCU\software\winrar sfx::c%%program files (x86)%diskinfo64.exe	C:\Users\Manpstuh\AppData\Local\Temp\RarSFX0	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState
Process Shell Execute	ShellExecuteEx
Process Manipulation Evasion	NtUnmapViewOfSection
Other Suspicious	AdjustTokenPrivileges

Shell Command Execution


							(NULL) C:\Users\Xhsfluno\AppData\Local\Temp\RarSFX0\setup.exe


							(NULL) C:\Windows\SysWOW64\msiexec.exe  -I "C:\Users\Xhsfluno\AppData\Local\Temp\RarSFX0\InstallWnb.msi"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.XAE

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

WAR Airdorp Scam

Lemongifted.com

Dindoor Backdoor

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen