Trojan.Agent.XYB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	6,002
Threat Level:	80 % (High)
Infected Computers:	40

First Seen:	July 31, 2024
Last Seen:	April 23, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.XYB
Signature status:	Self Signed

Known Samples

MD5: 734180c91b9561d1ff75c3b0633d06af

SHA1: cf7a1d069fcb03397b63a2495fe457d874b5733b

SHA256: 3D9C9BE6EBF52A46FE919CDBFDBA0562E7D7591956C0D92482E8679EA439929D

File Size: 1.47 MB, 1473664 bytes

MD5: 65c90be7eafd1deb2568cd5e663850eb

SHA1: 7568b4fcd4588395801d0fe289e7b53f7cdbc62b

SHA256: 29ACD740A10B820DA199346A5FE627E7B48D405F10B54AB2F40C32797B14D044

File Size: 1.76 MB, 1756800 bytes

MD5: 9bb79bd6a4d571c6cf60202734a4ed5c

SHA1: 2587dec2635c09eccdb828107c5bf1b0ded26029

SHA256: 75F294E0F30D627257D964C26E7D256D9C967E11269AD8884FC6D4BB2AFC3CA6

File Size: 1.50 MB, 1497216 bytes

MD5: 6d2c4db91199137ba051b57e3de511ea

SHA1: 3fab4599ad7b796eed68346bfc4e685d0e2e4023

SHA256: C6B767B0E95FB5D5EA8B7BB84F4634A7ADE3D3ED2D11807410CE8C53773668D5

File Size: 1.45 MB, 1454208 bytes

MD5: 0575625c014de4aaaaabe9dc0100b570

SHA1: 0d80d3e0769201fa69b1281e319653862b0fcad1

SHA256: 13864890AB8482916D1C23AD7296DA3EF994315D65B32BFE59F88A48911D9410

File Size: 1.45 MB, 1454224 bytes

MD5: ed99cbf64eadf1c0bf8dccc067c05845

SHA1: 84244860efa406b5572129fc7f83252563d8a8cd

SHA256: 531C8F761F5CD979771AB2500E98263BDB2D5343DC5C0F37E2A50A7CF3C68218

File Size: 1.81 MB, 1809536 bytes

MD5: 7c13461d9e4fdc40ea7c96f55b62e624

SHA1: 7fd2e0afab897838d9c888d38c953ca176636eb0

SHA256: C4A196422A7C6695A934CE5AB90DB47BDEECF8432ABB441804558E95D7A9405D

File Size: 1.47 MB, 1473168 bytes

MD5: ee26e7600ce533c9358b9943b050223a

SHA1: 031ad97f0c0ba9d539582cf9658c8aac8bf37175

SHA256: 2B96406E6BB25E1DDDFF516C7F74875ABE78A2F3CBF8CF912B867F43F0B63E19

File Size: 1.44 MB, 1441936 bytes

MD5: 0d7164a3607f42ec5fd3d368e4f39485

SHA1: 1487180f1028b5bdaa423570ff2c3c43b4e96460

SHA256: 3A1E02D5B59FF2704ED16EC42863C25E3D67C5B0174E6FC8FB839ED41545F6C6

File Size: 1.48 MB, 1483408 bytes

MD5: 4b47f7fb3cd739352c4d11580594b3dd

SHA1: 4568b5bf229f1e57e2bd3b5a75b2ca1ee3ae98a8

SHA256: 86DD50A8D7CDA729AC77028FAAE5CDF39DB89B45B9DED86EFB19F3B41C34A7D7

File Size: 1.53 MB, 1527952 bytes

MD5: 92a0b85195eb236166f80f21f1a9f614

SHA1: 472c048df7fbea840fdda2448df787ba59609890

SHA256: 92BC9AD211C8AD1A53BB7638E3743B9E7AC039345F1C392FAD735A3E6BA6041C

File Size: 1.45 MB, 1448080 bytes

MD5: 21420e366495d7123a8662bc33075a7e

SHA1: e522efa6fc9bdcacf2a76bacb1461b0575a2474b

SHA256: 3DDAF4317D5A9C76AA579409BE024F28B932ABF1F3DAE147477609E1D7869981

File Size: 1.50 MB, 1497216 bytes

MD5: 5add63743c5abc1c342a1363dd5e35d6

SHA1: 3dc6b82744134685e88d58f22425a37e88d7a2ae

SHA256: 77C2A3FC36641C8D19B75A6E91C45032733ADE848553E19C9E41FB4FCD1B7044

File Size: 1.41 MB, 1407104 bytes

MD5: 3bc777f801038f22c62acc33d2e301f5

SHA1: bfbb3fc90fbb028717c878d9873d1207015985de

SHA256: CCFE41FB44E7DEC0A6F393D5510DF128607B6A16A1D54AD9478D1E4A1203BE8E

File Size: 1.43 MB, 1433736 bytes

MD5: 39b3fc50befb0bece748f2a4943b1487

SHA1: 3387cf6ab9c3992b7d9c0040504981fc6dedb0c0

SHA256: 76725DDD473D52D44B5909DB6435B7610CAF6A0255EA738E5A427BA549F3619C

File Size: 1.73 MB, 1727624 bytes

MD5: b7e328f9ad70a5a56cc2c12c33dd9e2b

SHA1: 035fca4b01912a6ba171fdeee2995b3ffd73f8ba

SHA256: 25DF81BAF5757C548006F2936631D95ADBB3FE2E20831415A526E2A8A2B35CA7

File Size: 1.55 MB, 1546240 bytes

MD5: a626a1bd568a3a04fa289df7887e106e

SHA1: 460c7c23ffdfa3c003099f3c339619f6fafed6d6

SHA256: 4C1B5915E9740B25C6270A63ED3163501A1C88B9C558C1EBDC70AA361E27D6CC

File Size: 1.95 MB, 1952968 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
*.bleacherreport.com	*.bleacherreport.com	Self Signed
1575d9b8.sni.cloudflaressl.com	1575d9b8.sni.cloudflaressl.com	Self Signed
postman.com	postman.com	Self Signed
softportal.com	softportal.com	Self Signed
thesaurus.com	thesaurus.com	Self Signed

www.dress.com	www.dress.com	Self Signed
www.glass.com	www.glass.com	Self Signed
www.gulliver.com	www.gulliver.com	Self Signed

File Traits

golang
HighEntropy
No Version Info
x86

Block Information

Total Blocks:	874
Potentially Malicious Blocks:	2
Whitelisted Blocks:	872
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.OSA
Agent.OSH
Agent.OSK
Agent.XYB
ClipBanker.DRA

ClipBanker.PDB

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.XYB

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.WaveMax Sound Editor

Trojan.Kryptik.JUD

Trojan.Agent.MBD

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen