Trojan.Agent.XDK

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.XDK
Signature status: No Signature

Known Samples

MD5:       3c3133e36c73d9419014d254e8ef0622
SHA1:      4e22a1c80b512d94a4d3bfeea0b7614225abb346
File Size: 241.66 KB, 241664 bytes

MD5:       168ac2e4f488b354369de411a90e7bd8
SHA1:      c94ad04fcfee8703b74656a333256d4d21b162fd
SHA256:    FF58B4FEDD20827A0D538AAE3DC0739058E85CDFDD0479FC8E4FA8C9DEBBCB7F
File Size: 274.43 KB, 274432 bytes

MD5:       28ce123edc78724534ecfd93f2cc4d69
SHA1:      9c6481e6f3c242c93445545cda170e1abba0ddc0
SHA256:    BA67C4E0F9574C9ED15355F48B96383DFBC1464130D579D3F9D147387C1B04B9
File Size: 258.05 KB, 258048 bytes

MD5:       4ea0c3f894a35e58d33c5669ab3fe2ee
SHA1:      baabcb9d8eb763bf27b55da2d11e10fa9193d373
SHA256:    72923BB7D3BFE2AD7238814B02B4D8C2A7790BB0C29012E473115A31B28C1BAA
File Size: 270.34 KB, 270336 bytes

MD5:       51fff30a150125c2450f5c397b7e643f
SHA1:      ae36433606aa80029895aecd6444afe1f3094d52
SHA256:    94A85E0F55F0C333AB76412E1DA38CE6257E090DCDA6FA4BDA5803880694771B
File Size: 237.57 KB, 237568 bytes

MD5:       a6c3c50ec3c2da53272634c528367322
SHA1:      2d6d88f805afd43e7fae0f3315fe5d7bc0437673
SHA256:    4A0CC23F9B0E678F4DFA96A98318279EEBF79E8874699E471B5B6E2816A2DDC9
File Size: 237.57 KB, 237568 bytes

MD5:       7a2d2e0fa4f3a729df45f006851892a5
SHA1:      4d874161088c897f04a5c7cfc61d80784342a9ab
SHA256:    79A05B6EBEA1D1FA7BB209F4921CB45A1F010DE9D7BDAE202F0C96B6C5ED9A66
File Size: 241.66 KB, 241664 bytes

MD5:       e26f2bf59d43b67b8cf954f8a863c1de
SHA1:      bfe767b0a350de405edf0ae469590214eb40807c
SHA256:    9731743DAA2B0BB484037190D1BED84C266E44241957667F516CD91A18A42A67
File Size: 237.57 KB, 237568 bytes

MD5:       1e6dba89c45dfb8d2c58aa87e8d56e79
SHA1:      6ffe670f0fe7da52fa27e1c2f398da4c27e54dfe
SHA256:    F1C40B7C0CE1BD4658379FAB58C73BFCC9D566AF9A345C4C1E96E6D58BE726E9
File Size: 245.76 KB, 245760 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
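The attributes above are all readable from the PE headers without loading the file, so they are cheap to reproduce during triage and to compare against the hash list in Known Samples. The script below is an added example written for this page, not tooling from the report's author: it parses the DOS, COFF and optional headers with the standard library only, derives the same attribute set (Rich marker, debug/export/relocation/security/CLR directories, 32-bit, subsystem, DLL and executable flags), computes the three digests the report keys samples on, and checks the SHA-256 against the list transcribed from above. The `build_pe` helper constructs a header-only PE32 image purely so the example runs offline; it is not a real executable, and the simplified "Rich" marker it can emit is a stand-in for a real Rich block.

```python
import hashlib
import struct

# SHA-256 values transcribed (lowercased) from the Known Samples list above.
KNOWN_SHA256 = {
    "ff58b4fedd20827a0d538aae3dc0739058e85cdfdd0479fc8e4fa8c9debbcb7f",
    "ba67c4e0f9574c9ed15355f48b96383dfbc1464130d579d3f9d147387c1b04b9",
    "72923bb7d3bfe2ad7238814b02b4d8c2a7790bb0c29012e473115a31b28c1baa",
    "94a85e0f55f0c333ab76412e1da38ce6257e090dcda6fa4bda5803880694771b",
    "4a0cc23f9b0e678f4dfa96a98318279eebf79e8874699e471b5b6e2816a2ddc9",
    "79a05b6ebea1d1fa7bb209f4921cb45a1f010de9d7bdae202f0c96b6c5ed9a66",
    "9731743daa2b0bb484037190d1bed84c266e44241957667f516cd91a18a42a67",
    "f1c40b7c0ce1bd4658379fab58c73bfcc9d566af9a345c4c1e96e6d58be726e9",
}

# Data-directory indices and header flags from the PE/COFF specification.
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_CLR = 0, 4, 5, 6, 14
IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL = 0x0002, 0x0100, 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def pe_attributes(data):
    """Derive the header-level attributes listed in the report from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _optsz, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B  # 0x20B would be PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # NumberOfRvaAndSizes precedes the directory table: opt+92 (PE32) / opt+108 (PE32+).
    dir_base = opt + (96 if is_pe32 else 112)
    ndirs = struct.unpack_from("<I", data, dir_base - 4)[0]

    def has_dir(idx):
        if idx >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, dir_base + 8 * idx)
        return rva != 0 and size != 0

    return {
        # The linker's Rich block sits between the DOS stub and e_lfanew and ends
        # with the plain-text marker "Rich"; a marker scan is enough for triage.
        "rich_header": b"Rich" in data[0x40:e_lfanew],
        "debug_info": has_dir(DIR_DEBUG),
        "exports": has_dir(DIR_EXPORT),
        "relocations": has_dir(DIR_BASERELOC),
        "security_info": has_dir(DIR_SECURITY),  # Authenticode certificate table
        "dotnet": has_dir(DIR_CLR),
        "is_32bit": is_pe32 and machine == 0x014C,
        "gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def matches_report_profile(attrs):
    """True when attrs equal the attribute profile this report lists for the family."""
    return (not attrs["rich_header"] and not attrs["debug_info"] and not attrs["exports"]
            and not attrs["relocations"] and not attrs["security_info"] and not attrs["dotnet"]
            and attrs["is_32bit"] and attrs["gui"] and attrs["executable_image"]
            and not attrs["is_dll"])


def file_hashes(data):
    """MD5 / SHA-1 / SHA-256 of the bytes, the three digests the report keys samples on."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def is_known_sample(data):
    return file_hashes(data)["sha256"] in KNOWN_SHA256


def build_pe(rich=False, subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI,
             chars=IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, dirs=None):
    """Constructed header-only PE32 image for the demo; it is not runnable code."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew
    if rich:
        dos[0x40:0x48] = b"Rich" + b"\0" * 4          # simplified stand-in for a Rich block
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    for idx, (rva, size) in (dirs or {}).items():
        struct.pack_into("<II", opt, 96 + 8 * idx, rva, size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    img = build_pe()
    attrs = pe_attributes(img)
    print(attrs, matches_report_profile(attrs), is_known_sample(img))
```

On a real file, replace `build_pe()` with the bytes read from disk; the attribute profile is a weak filter on its own (a plain unpacked GUI executable without a certificate is common), so the hash match is what ties a file to the listed samples.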

File Traits

  • Gentee
  • No Version Info
  • x86

Block Information

Total Blocks: 106
Potentially Malicious Blocks: 79
Whitelisted Blocks: 27
Unknown Blocks: 0

Visual Map

x 0 0 x x x x x x x x x x x x x 0 x x x x 0 x x x 0 x 0 0 x x 0 0 0 x 0 x 0 x x 0 x 0 x x x x 0 0 x x x x x x x x x 0 x x x x x x 0 x 0 x x x x x x 0 x x 0 x x x x x x 0 x x x x 0 x 0 x x x x x x x x x x x 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.XDK

Files Modified

All five entries were written under c:\users\user\appdata\local\temp with the same access rights: Generic Read, Write Data, Write Attributes, Write Extended, Append Data.

  • c:\users\user\appdata\local\temp\gentee00.tmp
  • c:\users\user\appdata\local\temp\gentee00\english.lng
  • c:\users\user\appdata\local\temp\gentee00\german.lng
  • c:\users\user\appdata\local\temp\gentee00\pauto.dll
  • c:\users\user\appdata\local\temp\gentee00\spanish.lng
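The drop list gives a concrete file-system pattern to hunt for: a gentee00.tmp file and a gentee00\ directory populated under the user's local Temp folder, including pauto.dll. The code below is an added example written for this page, not tooling from the report's author. It runs that pattern over Sysmon Event ID 11 (FileCreate)-style records; the records, the process path setup.exe and the two noise entries are constructed for the demo, and the regular expression is derived only from the five paths listed above. One caveat a hunter should carry along: the report lists Gentee as a file trait, and Gentee is an installer and scripting toolkit, so the drop pattern most likely belongs to the installer runtime unpacking itself rather than to the payload. Treat a hit as a packaging indicator and confirm with the hashes in Known Samples or other behaviour before attributing it to this family.

```python
import re
from collections import defaultdict

# Path pattern derived from the drop list above: the gentee00.tmp file and any
# file inside a gentee00\ directory under <profile>\AppData\Local\Temp. NTFS is
# case-insensitive, so the match is too.
DROP_RE = re.compile(
    r"\\appdata\\local\\temp\\gentee00(?P<kind>\.tmp|\\(?P<name>[^\\]+))$",
    re.IGNORECASE,
)

# Constructed Sysmon Event ID 11 (FileCreate)-style records used as demo input.
# The process paths, GUIDs and the noise entries are made up for the example.
EVENTS = [
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Users\user\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\gentee00.tmp"},
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Users\user\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\gentee00\english.lng"},
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Users\user\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\gentee00\pauto.dll"},
    # Noise: similar name but neither the .tmp stub nor a file inside gentee00\.
    {"EventID": 11, "ProcessGuid": "{B}", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\gentee00_notes.txt"},
    # Noise: an unrelated temp file.
    {"EventID": 11, "ProcessGuid": "{C}", "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\~tmp1234.tmp"},
]


def drop_events(events):
    """Yield (process_guid, image, kind, name) for each FileCreate matching DROP_RE.

    kind is ".tmp" for the stub file or "\\<name>" for a file inside gentee00\\;
    name is the bare file name in the second case and None in the first.
    """
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        m = DROP_RE.search(ev["TargetFilename"])
        if m:
            yield ev["ProcessGuid"], ev["Image"], m.group("kind"), m.group("name")


def suspect_processes(events, require_dll=True):
    """Group matches per process and keep those showing the full drop pattern.

    A process qualifies when it created the .tmp stub and at least one file inside
    gentee00\\; with require_dll it must also have dropped pauto.dll, the one
    executable component in the list above.
    """
    seen = defaultdict(lambda: {"image": None, "tmp": False, "dir_files": set()})
    for guid, image, kind, name in drop_events(events):
        rec = seen[guid]
        rec["image"] = image
        if kind.lower() == ".tmp":
            rec["tmp"] = True
        else:
            rec["dir_files"].add(name.lower())
    hits = {}
    for guid, rec in seen.items():
        complete = rec["tmp"] and bool(rec["dir_files"])
        if require_dll:
            complete = complete and "pauto.dll" in rec["dir_files"]
        if complete:
            hits[guid] = {"image": rec["image"], "files": sorted(rec["dir_files"])}
    return hits


if __name__ == "__main__":
    for guid, hit in suspect_processes(EVENTS).items():
        print(guid, hit["image"], hit["files"])
```

Grouping on ProcessGuid rather than on Image keeps two installers launched from the same path apart, and the `require_dll` switch lets a hunt fall back to the broader "stub plus directory" pattern when the dll name is unknown or renamed.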

Windows API Usage

Anti Debug:        IsDebuggerPresent
User Data Access:  GetComputerName, GetUserName, GetUserObjectInformation
Keyboard Access:   GetKeyState
Other Suspicious:  SetWindowsHookEx
