
Trojan.Darktima.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 26,100
Threat Level: 80 % (High)
Infected Computers: 1
First Seen: August 29, 2025
Last Seen: May 27, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Darktima.A
Signature status: No Signature

Known Samples

MD5: eec35e47a24f274bd04386f1bdabdffe
SHA1: 2e7af6983e83ab9479d2c9b245ac2f16683a9dc3
SHA256: 3BA8A562F78AF7776675F128F12777144FC3C73A471D8EFB1950728179BB72D9
File Size: 303.62 KB, 303616 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • CryptUnprotectData
  • HighEntropy
  • No CryptProtectData
  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 354
Potentially Malicious Blocks: 117
Whitelisted Blocks: 237
Unknown Blocks: 0


Files Modified

File | Attributes
c:\directory\cybergate\install\server.exe | Generic Read, Write Data, Write Attributes, Write Extended, Append Data, Delete, LEFT 262144
c:\users\user\appdata\local\temp\uesgftpb2.txt | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::policies | c:\directory\CyberGate\install\server.exe | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer\run::policies | c:\directory\CyberGate\install\server.exe | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\active setup\installed components\{1t222tv8-060y-k558-xq6t-uuk6v0o53ti2}::stubpath | c:\directory\CyberGate\install\server.exe Restart | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (none) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (none) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 | (none) | RegNtPreCreateKey

Windows API Usage

Category / API
User Data Access
  • GetUserName
Anti Debug
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • VirtualAllocEx
Process Shell Execute
  • CreateProcess
  • ShellExecute
Thread Create Remote
  • CreateRemoteThread

Shell Command Execution

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
open c:\directory\CyberGate\install\server.exe
