Trojan.Agent.XGA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.XGA
Signature status: Root Not Trusted

Known Samples

MD5: 1f53fe19b6a43fb8ea96979be015a63b
SHA1: f17bba908e45eeb512a080ce40f701619dcc1199
SHA256: 4CCBFFD4B19335AA26311EB114A4ADCA9C957ABEA9DF614082283C48A8B77CCD
File Size: 5.46 MB, 5460032 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer | Root | Status
nimax GmbH. | GlobalSign Root CA | Root Not Trusted
nimax GmbH. | GlobalSign Root CA | Root Not Trusted

File Traits

  • HighEntropy
  • No Version Info
  • x86

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp | Generic Read, Write Data, Write Attributes, Write extended, Append data, Delete
c:\users\user\appdata\local\temp\nsqa4e7.tmp\modern-wizard.bmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsqa4e7.tmp\modern-wizard.bmp | Synchronize, Write Attributes
c:\users\user\appdata\local\temp\nsqa4e7.tmp\nsdialogs.dll | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsqa4e7.tmp\system.dll | Generic Write, Read Attributes

Windows API Usage

Category | API
Anti Debug | IsDebuggerPresent
User Data Access | GetUserObjectInformation
