Trojan.Agent.XVJ
Analysis Report
General information
| Family Name: | Trojan.Agent.XVJ |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- HighEntropy
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 27 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 1 |
| Unknown Blocks: | 25 |
Visual Map
Block map (27 blocks, in order): ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0
Legend:
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.XVJ
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |