Trojan.Downloader.Agent.AG

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 8,484
Threat Level: 80 % (High)
Infected Computers: 55
First Seen: September 15, 2021
Last Seen: April 10, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Downloader.Agent.AG
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 32.0.0.0
  • 2.6.0.0
  • 1.0.0.0
Comments
  • BENX PREMIUAM
  • FX BYPASS
  • OUSSAMA
Company Name
  • AotForms
  • BENX XITERS
  • Client
  • Extasy
  • FX BYPASS
  • https://dsc.gg/kernelos
  • OUSSAMA
  • Razer
  • ST Injector
  • UIDBypass
  • ​​b
File Description
  • aaaaaaaaaa
  • AotForms
  • BENX PREMIUAM
  • CHEAT OUSSAMA
  • Client
  • Extasy
  • FX BYPASS
  • IMMORTAL FREE
  • IMMORTALITY
  • iph
  • NewSpoofer
  • Spiidxp
  • ST Injector
  • UIDBypass
  • Valex
  • ​​b
File Version
  • 32.0.0.0
  • 2.6.0.0
  • 1.0.0.0
Internal Name
  • aaaaaaaaaa.exe
  • AotForms.dll
  • Client.dll
  • CRACK CHEAT OUSSAMA.exe
  • Extasy.dll
  • FX PROXY BYPASS.exe
  • IMMORTAL FREE.exe
  • IMMORTALITY.exe
  • iph.exe
  • NewSpoofer.exe
  • PANEL DLL EXTERNAL.exe
  • Spiidxp.exe
  • ST Injector.dll
  • UIDBypass.dll
  • Valex.exe
  • ​​b.dll
Legal Copyright
  • Copyright © 2024
  • Copyright © 2025
  • Copyright © 2025 BY MR.Saydul
  • Copyright © 2026
  • Copyright © https://dsc.gg/kernelos 2024
  • Copyright © Razer 2025
Legal Trademarks
  • BENX PREMIUAM
  • FX BYPASS
  • OUSSAMA
Original Filename
  • aaaaaaaaaa.exe
  • AotForms.dll
  • Client.dll
  • CRACK CHEAT OUSSAMA.exe
  • Extasy.dll
  • FX PROXY BYPASS.exe
  • IMMORTAL FREE.exe
  • IMMORTALITY.exe
  • iph.exe
  • NewSpoofer.exe
  • PANEL DLL EXTERNAL.exe
  • Spiidxp.exe
  • ST Injector.dll
  • UIDBypass.dll
  • Valex.exe
  • ​​b.dll
Product Name
  • aaaaaaaaaa
  • AotForms
  • BENX PREMIUAM
  • Client
  • Extasy
  • FX BYPASS
  • IMMORTAL FREE
  • IMMORTALITY
  • iph
  • NewSpoofer
  • OUSSAMA
  • Spiidxp
  • ST Injector
  • UIDBypass
  • Valex
  • ​​b
Product Version
  • 32.0.0.0
  • 2.6.0+913c49e0fb3c66b1ea4ff1b99aaf39a551a211f4
  • 1.0.0.0
  • 1.0.0

File Traits

  • .NET
  • Agile.net
  • CreateThread
  • dll
  • Fody
  • HighEntropy
  • ntdll
  • VirtualQueryEx
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 579
Potentially Malicious Blocks: 131
Whitelisted Blocks: 234
Unknown Blocks: 214


Similar Families

  • Downloader.Agent.AG

Files Modified

File Attributes
c:\users\user\downloads\panel dll - external.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\scripts\komorebi.lua Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\valex::workspacefolder c:\\users\\user\\downloads\\workspace RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtSuspendThread
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair

53 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Process Manipulation Evasion
  • ReadProcessMemory
