Trojan.Agent.ZFKC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	15,910
Threat Level:	80 % (High)
Infected Computers:	10

First Seen:	October 17, 2024
Last Seen:	February 18, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.ZFKC
Signature status:	No Signature

Known Samples

MD5: 3935198fba8bb07313585e51f31e0f5b

SHA1: b07e4d1cef7e10356b18f1017c1fae660e58bf1d

SHA256: 2BAF567320DCE5990E44052D667E7D29E1AE2448BEFB1A0E8E27901A9EF90477

File Size: 3.65 MB, 3651072 bytes

MD5: ca0fadeee8f93d0967b654381fa8db0c

SHA1: 7c6ecdff711416dca2139bf759f4b31e9d4d8119

SHA256: DD1A84FFB328C6CD6FC2DAB042905A3A38D5CD158EB6A2B6E15996E7076FF58B

File Size: 3.09 MB, 3088384 bytes

MD5: 8e7247e2113edd6eda0ecdb76b27fade

SHA1: 395eac0078ea9583e761e8ae4c4a389f177b0e5e

SHA256: BDC3E5B0B4C486B50923D1112E826D05AA601E9410D68F4F26220AA5C377B740

File Size: 2.61 MB, 2613248 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File has TLS information
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

2+ executable sections
CryptUnprotectData
GetConsoleWindow
HighEntropy
imgui
No Version Info
ntdll
WriteProcessMemory
x64

Block Information

Total Blocks:	6,023
Potentially Malicious Blocks:	232
Whitelisted Blocks:	5,538
Unknown Blocks:	253

Visual Map

? ? ? x ? ? 0 0 0 0 0 0 x x 0 ? x 0 x 0 0 0 x x 0 x x x x 0 x 0 x x x 0 x ? x x 0 0 x ? x ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? x ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 x x 0 ? 0 x ? ? 0 x 0 ? x x ? ? 0 ? ? ? 0 ? 0 x ? 0 0 0 x 0 ? x ? 0 x 0 0 0 ? 0 0 0 0 ? ? x 0 x x 0 x 0 x 0 x 0 ? 0 0 0 x ? x 0 ? ? ? 0 x ? 0 ? 1 0 ? ? 0 ? 0 ? 0 ? 0 0 0 x ? 0 0 0 0 0 ? 0 ? x 0 0 0 0 x 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 x 0 0 ? x x 0 0 x 0 ? ? x 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 ? ? ? x ? x x x x 0 0 x 0 x x 0 0 x ? 0 0 ? x ? 0 0 0 ? 0 x 0 x 0 0 x 0 0 x x x 0 0 ? ? 0 0 0 ? ? ? 0 0 0 0 ? ? ? 0 0 ? ? 0 0 ? ? ? ? ? ? x ? ? ? x 0 ? ? 0 ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 ? x ? ? 0 ? 0 ? ? ? ? ? 0 ? x ? 0 0 x ? x ? x 0 0 0 0 x ? x 0 ? x ? ? x 0 x 0 0 0 0 ? ? 0 ? 0 0 0 0 0 x 0 x 0 x x 0 ? ? 0 x 0 ? ? ? 0 ? ? ? ? x x x ? 0 ? ? x 0 0 ? ? ? ? ? ? 0 x x ? x 0 ? 0 x 0 x x x x 0 x 0 x 0 0 0 0 0 0 0 0 x ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? x ? 0 0 0 0 x x x ? ? ? 0 0 ? ? 0 0 0 ? ? x x 0 0 0 0 0 ? 0 x ? ? x x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? x 0 ? x 0 0 0 0 0 x x 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? 0 0 ? 0 0 0 0 x 0 0 0 x 0 x x 0 x 0 0 0 ? 0 0 0 0 0 0 0 x 0 0 0 x 0 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 x ? x 0 ? x 0 0 0 ? 0 0 0 0 ? ? 0 x x x 0 0 0 0 0 0 0 ? 0 ? ? 0 x ? ? 0 0 x 0 x x ? 0 ? 0 0 0 0 0 0 x 0 x x 0 x x ? ? 0 ? ? 0 x ? 0 0 0 0 ? x 0 0 0 0 0 0 0 x 0 0 0 0 ? 0 0 0 x 0 x 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? 0 0 ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x ? ? ? 0 x ? 1 0 0 0 0 0 ? 0 0 ? 0 ? 0 0 ? 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 ? 0 x 0 ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

CsgoInjector.FB
CsgoInjector.GH
Gamehack.CAA

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䮼潲ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쐒䯔潲ǜ	RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.ZFKC

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Hacktool.Autoclicker.PB

Trojan.Agent.GYG

Trojan.Tasker.EA

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen