Trojan.Agent.XDN

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.XDN
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • HighEntropy
  • No Version Info
  • x64

Block Information

Total Blocks: 71
Potentially Malicious Blocks: 0
Whitelisted Blocks: 59
Unknown Blocks: 12

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.KPRB
  • Agent.OIZ
  • Agent.OSS
  • Agent.UFF
  • Agent.YFE
  • ClipBanker.GDA
  • Downloader.OFC
  • Kryptik.GDRE
  • Kryptik.GDRG
  • LockScreen.DC
  • ReverseShell.DA
  • ShellcodeRunner.HL
  • Trojan.Agent.Gen.BAF
  • Trojan.Agent.Gen.ZH
  • Trojan.Injector.Gen.GPE
  • Trojan.Kryptik.Gen.BXR
  • Trojan.Kryptik.Gen.BXS
  • Trojan.Kryptik.Gen.CAO
  • Trojan.Kryptik.Gen.COS
  • Trojan.Kryptik.Gen.P
  • Trojan.ShellcodeRunner.Gen.S

Files Modified

File: c:\windows\temp\~temp.tmp
Attributes: Generic Write, Read Attributes, Delete

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtSuspendThread

12 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
Encryption Used
  • BCryptOpenAlgorithmProvider
