Trojan.Bunitu.I
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Metric | Value |
|---|---|
| Popularity Rank: | 844 |
| Threat Level: | 80% (High) |
| Infected Computers: | 754 |
| First Seen: | December 16, 2022 |
| Last Seen: | April 2, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Field | Value |
|---|---|
| Family Name: | Trojan.Bunitu.I |
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| e12ebd2efb04a3021245bc0f257413b8 | be034ad25e708fd521515c7fbf57a6b3f2550c0b | BF7ABC3B00241F1EF08D1CFBA262809D719CE3485CA26132F9CA21AEC3F45092 | 8.44 MB, 8436154 bytes |
| 9fab94ebf133887e11ed7acea45ab598 | e5419e54a89ce157220bf809e3d478991eae10fe | F57111E50A72E6B624CA6F804B6B0D669C63DA5F62AB16EAFCAC5E45EA58A59C | 5.74 MB, 5742612 bytes |
| 63b1deaac5975a76555b5c3c5836d21e | d1829884c06902d66d1dfa7da4bd08c319e7f100 | FC0042DE2F96BE7DA413A5573640E36004D1454CB078ADD43B21519ABF129EA0 | 8.60 MB, 8602685 bytes |
| c622f2f053782fdba9960c0a20458e9f | 559b24fac220e8f1bd86b8f49e0c94f718f085ae | ECE7D4FF01EBFC72503AFE0EA5A574C72F16F6E2AFED21E6180F2813AFB942DD | 6.11 MB, 6108180 bytes |
| cad248a61d0912474e40a5c51ce3d9aa | a67f209d981f53e37cb6239b73a532b69543f187 | 577B60D446F4EB925F3BE7E67EBD266221A74709D0BFDF922E1B7E8C6D4ADC13 | 936.19 KB, 936192 bytes |
| 3be76fbca361488f38bb1ec322d75d9d | a4100d8736eb89a69cd661044713d012dbdb697d | DBC46D751952C55D5A3420E7AAC94E0B4D05540442CB7CE6E568A6F70CD20BFA | 5.26 MB, 5263507 bytes |
| afcf49e18f51a3f7d0d35782ae0c9e02 | 425b26bfcc4f7d14456c08f3f6f8f4bbb375e388 | 012309323EFC0606A73C98798713E805D1B5B5D4A5592B108215D2A1B79F6CAF | 941.18 KB, 941176 bytes |
| 4277682de48337d14904552913b987d2 | 16440508f56eba3c330f33638cc324cef2fdcdb3 | 8780C4BDD0C30B4DC5366FD0FFA58284E67D01843FE64D8D60DCD1CD7B2FC3F6 | 9.42 MB, 9419380 bytes |
| 53bb667be2c99a8989e49996ddc3ee0c | e41e8ff64011205b54868e457cf816e546d471b0 | 2F76DD46DF8073745794C2965BD4C335DC3DA8109EED05026B044CEA3F79F9BB | 6.45 MB, 6445139 bytes |
| ecc6b4116356b3d056dc6a60320ef05d | 6a3d301e2a54608bb2451664f8ea2a95e65da978 | 4211C3D11E32AAAD95EC3E6F0C1D216EE5CDEF04479A58F0B4A6EE00910244DC | 1.91 MB, 1906688 bytes |
| bd0a7acd07ca614364c256eb90b262d5 | 9cc44188630e860ee3700a1b0a50e0abd8fb836c | A73BCF8E1D3899D037D101A966050BD6049B8FDA6CD6E5A334895A75ADBB21D1 | 4.99 MB, 4991368 bytes |
| 281254905df13f643c87eebbca4e60c3 | 67b2047e31aa0a54e10df77a763db7568abf1165 | 62AA82F0A7C9490D9106919F2235C57DD44E0E0CB6690163C6291539A7ABBE54 | 6.32 MB, 6316531 bytes |
| ebf256c7fb4b89d09bd3f3f850a210ec | 85a047dd3f3d7dde2785f463114159e805ff075b | 957A6C685FAF91574D2A95CDD540BE1F0D8D8B2DF3182D37FB41A49FE8861623 | 620.76 KB, 620760 bytes |
| 372f8a6802848b02c6238617f45e6413 | 12bededb4a2575407d6cd8bb7b31658932c872a0 | 19E222A70FE4D1F5F6465E7E19CE00C4225C6D1D2987453E3C5BA0F8F94D37CD | 5.13 MB, 5132221 bytes |
| 2d7dcfa1cd83063b17aeb4e5d435b122 | 0de023905ea7721b3f52ccaeb0637563d49e0a63 | 0B48722DB565E1D7A3294D38C754ABC7ADC44EEEE3D324C4DC8AF8237784E79A | 6.63 MB, 6625820 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | This installation was built with Inno Setup. |
| Company Name | Akeo Consulting (http://akeo.ie) |
| File Description | |
| File Version | |
| Internal Name | Rufus |
| Legal Copyright | |
| Legal Trademarks | http://www.gnu.org/copyleft/gpl.html |
| Original Filename | rufus.exe |
| Product Name | |
| Product Version | |
File Traits
- .UPX
- 00 section
- 2+ executable sections
- big overlay
- dll
- HighEntropy
- No Version Info
- packed
- upx
- UPX!
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- FakeAlert.X
- Kasperagent.A
- Trojan.Downloader.Gen.HP
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\is-26a76.tmp\be034ad25e708fd521515c7fbf57a6b3f2550c0b_0008436154.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5b12q.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5b12q.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5b12q.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5b12q.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5b12q.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5mfas.tmp\16440508f56eba3c330f33638cc324cef2fdcdb3_0009419380.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8489i.tmp\0de023905ea7721b3f52ccaeb0637563d49e0a63_0006625820.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8h1qj.tmp\9cc44188630e860ee3700a1b0a50e0abd8fb836c_0004991368.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9h7vc.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9h7vc.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9h7vc.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9h7vc.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9h7vc.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-c87sf.tmp\67b2047e31aa0a54e10df77a763db7568abf1165_0006316531.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-i87gk.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-i87gk.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-i87gk.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-i87gk.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-i87gk.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ig1ju.tmp\559b24fac220e8f1bd86b8f49e0c94f718f085ae_0006108180.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-j6brs.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-j6brs.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-j6brs.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-j6brs.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-j6brs.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-mh3lg.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-mh3lg.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-mh3lg.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-mh3lg.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-mh3lg.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-mom36.tmp\a4100d8736eb89a69cd661044713d012dbdb697d_0005263507.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ne8u0.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ne8u0.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ne8u0.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ne8u0.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ne8u0.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-nh2ls.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-nh2ls.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-nh2ls.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-nh2ls.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-nh2ls.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q4r3k.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-q4r3k.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-q4r3k.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q4r3k.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q4r3k.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q9lh8.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-q9lh8.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-q9lh8.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q9lh8.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-q9lh8.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-qiutj.tmp\e5419e54a89ce157220bf809e3d478991eae10fe_0005742612.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-to2ip.tmp\d1829884c06902d66d1dfa7da4bd08c319e7f100_0008602685.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-u8l8n.tmp\e41e8ff64011205b54868e457cf816e546d471b0_0006445139.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ukori.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ukori.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ukori.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ukori.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ukori.tmp\isdone.dll | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Process Manipulation Evasion | |
| Process Shell Execute | |
| User Data Access | |
| Anti Debug | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- "C:\Users\Owkbcaln\AppData\Local\Temp\is-26A76.tmp\be034ad25e708fd521515c7fbf57a6b3f2550c0b_0008436154.tmp" /SL5="$90270,7867702,140800,c:\users\user\downloads\be034ad25e708fd521515c7fbf57a6b3f2550c0b_0008436154"
- "C:\Users\Ffikjqbm\AppData\Local\Temp\is-QIUTJ.tmp\e5419e54a89ce157220bf809e3d478991eae10fe_0005742612.tmp" /SL5="$A0198,5150804,140800,c:\users\user\downloads\e5419e54a89ce157220bf809e3d478991eae10fe_0005742612"
- "C:\Users\Dfmseysd\AppData\Local\Temp\is-TO2IP.tmp\d1829884c06902d66d1dfa7da4bd08c319e7f100_0008602685.tmp" /SL5="$220720,8006033,140800,c:\users\user\downloads\d1829884c06902d66d1dfa7da4bd08c319e7f100_0008602685"
- "C:\Users\Xtnulzet\AppData\Local\Temp\is-IG1JU.tmp\559b24fac220e8f1bd86b8f49e0c94f718f085ae_0006108180.tmp" /SL5="$17077E,5496350,140800,c:\users\user\downloads\559b24fac220e8f1bd86b8f49e0c94f718f085ae_0006108180"
- "C:\Users\Yzvxqvfu\AppData\Local\Temp\is-MOM36.tmp\a4100d8736eb89a69cd661044713d012dbdb697d_0005263507.tmp" /SL5="$402E0,4646603,140800,c:\users\user\downloads\a4100d8736eb89a69cd661044713d012dbdb697d_0005263507"
- "C:\Users\Xszyephx\AppData\Local\Temp\is-5MFAS.tmp\16440508f56eba3c330f33638cc324cef2fdcdb3_0009419380.tmp" /SL5="$30326,8811144,140800,c:\users\user\downloads\16440508f56eba3c330f33638cc324cef2fdcdb3_0009419380"
- "C:\Users\Eldkeeii\AppData\Local\Temp\is-U8L8N.tmp\e41e8ff64011205b54868e457cf816e546d471b0_0006445139.tmp" /SL5="$40348,5830656,140800,c:\users\user\downloads\e41e8ff64011205b54868e457cf816e546d471b0_0006445139"
- "C:\Users\Ylqqanjo\AppData\Local\Temp\is-8H1QJ.tmp\9cc44188630e860ee3700a1b0a50e0abd8fb836c_0004991368.tmp" /SL5="$1A0022,4373012,140800,c:\users\user\downloads\9cc44188630e860ee3700a1b0a50e0abd8fb836c_0004991368"
- "C:\Users\Okoxduwm\AppData\Local\Temp\is-C87SF.tmp\67b2047e31aa0a54e10df77a763db7568abf1165_0006316531.tmp" /SL5="$3033A,5732797,140800,c:\users\user\downloads\67b2047e31aa0a54e10df77a763db7568abf1165_0006316531"
- "C:\Users\Zvfiwmiu\AppData\Local\Temp\is-8489I.tmp\0de023905ea7721b3f52ccaeb0637563d49e0a63_0006625820.tmp" /SL5="$802B8,6015782,140800,c:\users\user\downloads\0de023905ea7721b3f52ccaeb0637563d49e0a63_0006625820"