Trojan.Downloader-Agent

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	8,058
Threat Level:	90 % (High)
Infected Computers:	3,554

First Seen:	July 24, 2009
Last Seen:	April 26, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
TrendMicro	TROJ_AGENT.UDE
Symantec	Packed.Generic.187
Sunbelt	Trojan-Downloader.Drv32
Sophos	Troj/Dloadr-BWK
Prevx1	High Risk Cloaked Malware
Panda	Adware/VirusRemover2008
NOD32	Win32/TrojanClicker.Agent.NEB
Microsoft	TrojanDownloader:Win32/Obvod.B
McAfee-GW-Edition	Trojan.Clicker.EQ
McAfee	Generic Downloader.z
Kaspersky	Trojan-Downloader.Win32.Agent.ajtr
K7AntiVirus	Trojan-Downloader.Win32.Agent
Ikarus	Trojan-Dropper.Agent
Fortinet	PossibleThreat
F-Secure	Trojan-Downloader:W32/Agent.HUQ

File System Details

Trojan.Downloader-Agent may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	project675.exe	a28b6cda3ffebe14ddc143726883a63b	8
Name: project675.exe MD5: a28b6cda3ffebe14ddc143726883a63b Size: 417.79 KB (417792 bytes) Detections: 8 Type: Executable File Path: c:\Users\<username>\desktop Group: Malware file Last Updated: December 18, 2019
2.	FunSpace.Update.Process.exe	68df2dd194db756ccf7ddf4e30c61e51	1
Name: FunSpace.Update.Process.exe MD5: 68df2dd194db756ccf7ddf4e30c61e51 Size: 483.89 KB (483896 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\FunSpace\VKMusicUpd Group: Malware file Last Updated: March 25, 2016
3.	U3L35MEA.exe	c2b64b4de7a7a337d50e9f332b276a0c	0
Name: U3L35MEA.exe MD5: c2b64b4de7a7a337d50e9f332b276a0c Size: 55.8 KB (55808 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
4.	ieaux.dll	d3dd4da48a70a021da92663b7d15cf66	0
Name: ieaux.dll MD5: d3dd4da48a70a021da92663b7d15cf66 Size: 183.64 KB (183648 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
5.	install_conga[1].exe	4338ea1110896eed2d5355f6ec3bf977	0
Name: install_conga[1].exe MD5: 4338ea1110896eed2d5355f6ec3bf977 Size: 36.86 KB (36864 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
6.	maindll.dll	6fd7896ae616a0ae52dd84c678944619	0
Name: maindll.dll MD5: 6fd7896ae616a0ae52dd84c678944619 Size: 143.36 KB (143360 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
7.	xd1_v115_241[1].exe	866a09db37cc2beec90053d033a9169f	0
Name: xd1_v115_241[1].exe MD5: 866a09db37cc2beec90053d033a9169f Size: 29.69 KB (29696 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
8.	ins21.exe, insD.exe, shopper[1].exe	d8f943de4c76dac5fda7877d4ec04b94	0
Name: ins21.exe, insD.exe, shopper[1].exe MD5: d8f943de4c76dac5fda7877d4ec04b94 Size: 622.61 KB (622613 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
9.	ins13.exe, ins27.exe, ins30.exe, ins37.exe, ins6.exe	88b401bb0ba7139e30ca28ae2568d1d6	0
Name: ins13.exe, ins27.exe, ins30.exe, ins37.exe, ins6.exe MD5: 88b401bb0ba7139e30ca28ae2568d1d6 Size: 921.65 KB (921651 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
10.	PuzzleDesktop.exe	9d9078307280a6945bef24a28d14b239	0
Name: PuzzleDesktop.exe MD5: 9d9078307280a6945bef24a28d14b239 Size: 81.92 KB (81920 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
11.	tmps.exe	9ad1bd3dfd3f2d31a2d6c388580b2af0	0
Name: tmps.exe MD5: 9ad1bd3dfd3f2d31a2d6c388580b2af0 Size: 365.12 KB (365128 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 11, 2014

More files

Registry Details

Trojan.Downloader-Agent may create the following registry entry or registry entries:

File name without path

free.exe

virus.bat

Analysis Report

General information

Family Name:	Trojan.Agent
Signature status:	No Signature

Known Samples

MD5: 034aeffe6d1b99d85c2471c1301ccc10

SHA1: 689ef15be29438e2b5c952e38006691e6df182ed

File Size: 3.17 MB, 3172985 bytes

MD5: 39105f8ac510efe7f5b7d6c67c2db0a7

SHA1: 52069a6f0f66c7f9192cba27899c728883f61eb7

File Size: 315.39 KB, 315392 bytes

MD5: a1bebca8b9618045a83ebf5f0dd25894

SHA1: 0bfd269195cbec4af7144009464410af04012bdf

File Size: 152.06 KB, 152064 bytes

MD5: 4e8bd96f56a7edc8e6e797ff1b2a8849

SHA1: 345bcf3ab1f384717a8829d07bfd45e96ba6c0c6

File Size: 712.70 KB, 712704 bytes

MD5: 79187c801cfeae8695908bda908ec6d2

SHA1: 4886e42d78068fdf0c81beffe41de0374d6cfee4

File Size: 3.17 MB, 3172985 bytes

MD5: 10eb5e49706f22a8deace0a2dbdc82c6

SHA1: 5b2f524fc0d7fe4fa7bf9d389ff2a8a6af51ac36

SHA256: 836AF134423747FED3A54E2F258D3C5165DDB010AEBE2DC88839988D1A733217

File Size: 259.07 KB, 259072 bytes

MD5: 982e02da0d1b4c14cf6514dfd6d8946c

SHA1: 79e005d1c8d12265766d41f989ad1c6b0175d3d1

SHA256: 51253A229E97D2BC8928021B690E5657937793E5A268B76CCA48E0AF7A0B4051

File Size: 4.32 MB, 4315648 bytes

MD5: 3fdd34dc0177d250c16ed3efdc807f0a

SHA1: f03ba3bc296375d6a7bf07fbdf37437d1bfa2e22

SHA256: A42F8140A82D6741B3A3D15A6215853AFA94E8FE8EEA27F7A134B0D00B934B5F

File Size: 5.46 MB, 5456384 bytes

MD5: df2e6b2e6960520c0f482741c79dc24a

SHA1: cb26843852dda20f03ab4998b6683f55ae2d3608

SHA256: 40AFEC8B1433B13EF1EF83579EAA332FAD5E1374319A68AF6DF7701E35397CBE

File Size: 5.43 MB, 5430784 bytes

MD5: e215575c3fee36bb0121f4db50257d7a

SHA1: 4423aacfad4fc1118c12cd66bf68aa4f236aa8a8

SHA256: 65E05A9375A7B380FB7D5015B473644EC879F418CAADE97F1808CBE6070D8EC6

File Size: 7.26 MB, 7264256 bytes

MD5: 400bd063c90795b3c746f56b20811552

SHA1: 1cf446bc8a5c1e1d06faeaedb7fe60f979ef8601

SHA256: FE45293CD5AE73720D20505E1706FF1E3A76A698CF9B5CC7F5319F27D888493A

File Size: 1.78 MB, 1782504 bytes

MD5: 91dfe7793d1ea3dea55f08435c4ea846

SHA1: 5bdb172a4954382270f8f028d02ce99e9f12c833

SHA256: 76320C125F0750F787868F351897BCE1F753FE7270D5361843CADCCD8419D71B

File Size: 84.48 KB, 84480 bytes

MD5: 80fbe78de0b2daca2c7d7713042c0647

SHA1: 0a28918f32111ab71bb3f37388d407056a54e6c7

SHA256: DEA17A69E716E42799EC824BD42D3C3438B76799792DD7AF92B82A10CD0BA972

File Size: 316.93 KB, 316928 bytes

MD5: 5ad3e10228e5e93cd23570ec095af782

SHA1: 36b07cc3f35c7250bfe20502a5825c16f399d30f

SHA256: 10CB893D05979F366FF7B5AB24D5882DD80998E1DA41226D1E171D4063935160

File Size: 9.64 MB, 9639936 bytes

MD5: ec3812058142c9ed90d7d86210d3a23d

SHA1: 61b90de3b1ecf016970ff127447087e7d6f10883

SHA256: F117BB2021A0D1B09ADB5CCA0788B41E5AFD9363B6A68255290721B89A862FA0

File Size: 3.56 MB, 3555840 bytes

MD5: 122b4555cb9cf6917f1878f66be1bd1c

SHA1: 8eaa3067768715e232067198fd96678f3641f476

SHA256: 83B17F02ED2989FD12F444F530903B12453BC39AB2056EFA501F1A6A21FC5ACE

File Size: 2.66 MB, 2657792 bytes

MD5: 5292c9e907ceb342aaefc84cea79bc17

SHA1: f37cedcb79a96452eefa5f1f4d147f1175c848de

SHA256: DBA129AFAFB0DC6FDBB679ACDDEA6913F6C634382181D492BB935A20FE41F0C8

File Size: 7.09 MB, 7089664 bytes

MD5: 540b2fe3233595acbb78b3727c44060c

SHA1: cd526ab1a8cac6534a246050d8dd777b01a88e44

SHA256: C485B5579657FF04723C13B5FEC610C64B232A0BEA58CCBF762235FE92104B6D

File Size: 6.16 MB, 6159650 bytes

MD5: aa63d45a59a56b52de7800435fdcd7c3

SHA1: 0f267739f02e29f12b1c4330cc8aebc229c8ed7c

SHA256: 2E74DD8170DA84126E8DFE0518DBF93BF885B749FCBBD4B082708C00CA6451C2

File Size: 5.81 MB, 5805056 bytes

MD5: 9feaebe9322d145f48db773922e1f13a

SHA1: 1d430da4ec12e9ca600297bcf96ae8ed83a6db63

SHA256: 530C43415B1051D4F78F42A78794D77CD1CF1396241C4483AA9F76A103E94121

File Size: 592.84 KB, 592840 bytes

MD5: 0fac71281a99eac04ff5a194e5eaa3bb

SHA1: 8bb11de30d5554f97cdb4b933eb0d9ddba01babf

SHA256: 0280C4EEBA7439BDCF880F013F7FE997CFAB2F0FC88D2C53BAE5DE097268ACF9

File Size: 3.17 MB, 3172985 bytes

MD5: 2a95bf1e1419bd4919291d32f7b4739e

SHA1: 25c7f86f6493491525428562b67480cb10ec6dbc

SHA256: 0BE31AAB41FB1740B176811377EEB2E59809C7A1D332F7F4C465BF7E9DAF406A

File Size: 9.28 MB, 9280512 bytes

MD5: 308c0dbf3bd27e1c9921c8d96811254b

SHA1: db536bf9ce28cb79c9635bd0e6e5cf1ac893a4b7

SHA256: B77B70F40D79362E0BE63822F3E7CFE36C645F884F0BB3A9FD4DB3BB2814D63F

File Size: 9.29 MB, 9293824 bytes

MD5: 663b423b5a1c8a4c4150a74c9676b486

SHA1: 430054e3e36424ea887a1d8af132f13d8e47c691

SHA256: FE854FFDE15094F31E014EC3EB93927D225D20A883D7904B02EDB2F4715BFC63

File Size: 1.08 MB, 1075712 bytes

MD5: 77ee84119fef893309aef2f157d9789c

SHA1: 72223e8d13eb9454937b92c7278c4d24baf34265

SHA256: A403109D774D94558BB54E75E17AA1597508C4AB79146959EDF772DEC6E9AAA8

File Size: 2.07 MB, 2068817 bytes

MD5: 2332a0042ad102248c279188ebd1d3e8

SHA1: 5f377fc164f033f1473b722f105a368f65aa1572

SHA256: 393DA7D18014A72BB26910EE6405496791B3120FB59938BE4AE6A99F039583AF

File Size: 5.57 MB, 5565952 bytes

MD5: caa990217afc5d7209fe3b38f0d42ca2

SHA1: 5518a09e6a9f5cd8005142191115bf3ae6747d52

SHA256: 94A6858FDA6E05E14155C2B853044EACD4CF486535834241123815975879459E

File Size: 1.96 MB, 1964032 bytes

MD5: d97fb3328da5d17b296eb97aff2362a0

SHA1: 9bca9d54cd4a898c044a8c8731ac5ea2bef7365c

SHA256: 7C907DE722EC80907F26E22DFA0FC8CDEDA170C4B557CA1BB08AF6DCF738FB96

File Size: 7.82 MB, 7818752 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	9.0.0.0 3.3.0.0 1.1.12.6 1.0.0.0 0.0.0.0
Comments	C#-Mnemonic ver.9.0.0 pre-release Control Panel for KetcauSoft' Application http://www.autoitscript.com/autoit3/ Launcher & Patcher This installation was built with Inno Setup.
Company Name	Audi AG ETH ticker Ethereum ticker GENERATION NT LTPTeam Microsoft NL-X The Classic PW - Genesis The Classic PW - Mar em Fúria TML Weapons of War New Generation Inc. Show More WEFLY Structure JSC www.kreo-tech.com XopMC Youxiland Co. Ltd.
File Description	C#-Mnemonic-hash160 Client Login Program Enigma Encryptor ETH ticker Ethereum ticker 1.0.0.0 GESTION DE POLYCLINIQUE Isaeva KCS Inside Laptop Battery Analyzer Macro X Evolution MuUpdater Show More NL-X pwprotector SD Creator Setup/Uninstall UNDERTALE Engine Weapons of War New Generation
File Version	51.1052.0.0 9.0.0 3.3.0.0 1.11W 1.4.0.0 1.1.12.6 1.0.0.0 1, 0, 0, 1 0.1.0.3 0.0.0.0
Internal Name	C#-Mnemonic-hash160.dll Isaeva.exe KCS Inside.exe Login.dat ModisEvolution.exe MuUpdater.exe NL-X.dll NLBA_LaptopBatteryAnalyzer.exe NL Hybrid.dll pwprotector.exe Show More SdUpdater2.exe setup WoWNewGen.exe
Legal Copyright	2018~2021 TML 2024 (c) ETH ticker Ethereum ticker Copyright (C) 2004 Youxiland Co. Ltd. All rights reserved. Copyright KetcauSoft © 2012 Copyright © 2015-2022 AUDI AG Copyright © 2020 Copyright © 2022 Instant, Inc. Copyright © 2023 Copyright © 2026 Copyright © 2026 Weapons of War New Generation. Show More Copyright © GENERATION NT 2008 Copyright © LTPTeam 2016 Copyright © Microsoft 2015 Diego Román t.me/brythbit by @XopMC
Legal Trademarks	KetcauSoft
Original Filename	C#-Mnemonic-hash160.dll Isaeva.exe KCS Inside.exe Login.dat ModisEvolution.exe monitor_prog.exe MuUpdater.exe NL-X.dll NLBA_LaptopBatteryAnalyzer.exe NL Hybrid.dll Show More pwprotector.exe SdUpdater2.exe setup-win32-bundle.exe WoWNewGen.exe
Private Build	01.00.00.00
Product Name	C#-Mnemonic-hash160 Client Login Program ETH ticker Ethereum ticker 1.0.0.0 GntMedDocteur Isaeva KCS Inside 2024 Laptop Battery Analyzer Launcher & Auto Update Macro X Evolution monitor_prog Show More MuUpdater NL-X pwprotector SD-Creator The Classic PW - Genesis The Classic PW - Mar em Fúria UNDERTALE Engine
Product Version	44 36 31 9.0.0 3.3.12.0 3.3.0.0 1.11W 1.1.12.6 1.0.0.0 1.0.0 Show More 1.0 1, 0, 0, 1 0.1.0.3 0.0.0.0
Version	1.11W
W D Version	27.0

File Traits

.NET
00 section
2+ executable sections
Agile.net
big overlay
CAB (In Overlay)
Confuser
Fody
GenKrypt
HighEntropy

Inno
InnoSetup Installer
Installer Manifest
Installer Version
NewLateBinding
No Version Info
ntdll
Reactor
Reflective
RijndaelManaged
VirtualQueryEx
Wix
WixToolset Installer
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	733
Potentially Malicious Blocks:	2
Whitelisted Blocks:	620
Unknown Blocks:	111

Visual Map

0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 0 0 ? ? ? ? ? ? 0 ? 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 ? 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 1 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? 0 ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Autoit
BadJoke.FH
DialupPass.A
Emotet.CDD
Injector.AK

Lumma.GFD
MSIL.Agent.GDE
MSIL.Agent.OAAR
MSIL.BadJoke.XF
MSIL.BlackGuardStealer.A
MSIL.Brute.BGF
MSIL.Brute.GFA
MSIL.DllInject.LE
MSIL.Filecoder.GG
MSIL.Gamehack.JS
MSIL.Heracles.IP
MSIL.Injector.FSA
MSIL.Tedy.F
MSIL.Tedy.NN
Remcos.AI
Rugmi.IA
Sheloader.A
Sheloader.C
Stealer.KF
Zenpak.C

Files Modified

File	Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\972ae312b9b3458a8bb8df383a9fb2b1\webview2loader.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\a634fbb351864c07b1d9d3e2e2924438\webview2loader.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut7702.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gde6n.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lroid.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\temp0.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\temp1.jar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~dffa55f81611a658c1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vmlgywd.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vmlgywd.jpg	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\94\shell::sniffedfoldertype	Downloads	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\pc soft\windev\27.0\appli\36b07cc3f35c7250bfe20502a5825c16f399d30f_0009639936::last_framework	270103j	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	143.0.3650.96	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext Show More ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetContextThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx 20 additional items are not displayed above.
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Network Winsock2	WSASend WSASocket WSAStartup
Network Winsock	connect gethostbyname inet_addr
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess ShellExecute
Keyboard Access	GetAsyncKeyState GetKeyState

Shell Command Execution


							"C:\Users\Nztewlcq\AppData\Local\Temp\is-GDE6N.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp" /SL5="$60302,5666415,214528,c:\users\user\downloads\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650"


							jview.exe  /cp:p "C:\Users\Hxejqwsr\AppData\Local\Temp\temp0.jar


							open http://www.java.com


							"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/

Trojan.Downloader-Agent

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed