Trojan.Downloader.Agent.T

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	2,195
Threat Level:	80 % (High)
Infected Computers:	440

First Seen:	January 23, 2013
Last Seen:	February 10, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Downloader.Agent.T
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: 6ca0516146495955e4bf06e22c2f65f2

SHA1: e8c1978b0d83b3d53bfca3f9169b59c32c96f5e1

SHA256: 37DF3E57CD33E63FAEB5A77D25EFD997893ED97638C30CA658FDBBE22C4F4F1D

File Size: 214.67 KB, 214674 bytes

MD5: bd3ffd828c1536e015af964b2a4da7af

SHA1: 5396bdef5209b4a5cdb160d6e52dd8849ec56664

SHA256: D2DEE87A12AFA15B9153EA7A9F60337984D1217340A692B74E9729A501B905C5

File Size: 5.27 MB, 5271521 bytes

MD5: fd6a4a567471fb74b9ebb43e8529d63e

SHA1: 0015106c26b2524f3b3f8e4a6d861d6e424f316a

SHA256: 42864BD52A3DAB69E4D16DE27889C99765891EA01A9B523776767D465D1310EE

File Size: 361.39 KB, 361388 bytes

MD5: 331a1e2c8cc93cc3c08af60b57699f68

SHA1: 13113c3dd9be941d1bc27b487e6fc3bf44eee145

SHA256: CA80FD43F1437B523A6DECD1234E7FF195BBFF5F5640AFE2B915B2E6E9A0106C

File Size: 490.24 KB, 490238 bytes

MD5: e6ee1df1a355162b04640fc55159b643

SHA1: 550d38fca472b981a75d57510859ec3ba1c41698

SHA256: C7ED9740F61C58A2C1084C093B896A6BFAF48F830E782358711FD9DE5438118E

File Size: 33.21 KB, 33212 bytes

MD5: bb926e4dfb542bcb9cc43bae9d8a9dbe

SHA1: 1a63a7222b028e59974104b47572313202ff77f4

SHA256: B4351BA934F0C895EBA5A2029D6EA9BE399195BD2588BFD973732C46A2F97FC8

File Size: 204.73 KB, 204727 bytes

MD5: 832c456453ee60f7e8807e94d039cc6a

SHA1: 770a69835636afd26c8121d3af82e6c415fac676

SHA256: 9D1BBBBBF7AFB2664BE9517E30E0B0C9EFD05BD05CD9257DA99D0F3A47DE35DD

File Size: 131.07 KB, 131072 bytes

MD5: b4ae85281ba9031fd8da8159e6c644af

SHA1: 663159d8c3761ff290f9ccac5f7727e8514b48a2

SHA256: 54ED39492F0046F4ECA76A0BBDB2C0EBB91657381D7D3DF0E6F7A3586BF50313

File Size: 205.97 KB, 205975 bytes

MD5: 60c805482d8314aedb2a72744027ebad

SHA1: c535a20293268bd9d3ee6a9672eee4f9dd089bb9

SHA256: 87129FBEC68F8BCD0751596902635551B0CA484E796EE76CC74557C7CF537FA7

File Size: 2.01 MB, 2010485 bytes

MD5: 53f668741a28381038104f47233a4e1a

SHA1: c457417a9fdc181d4e3950bf3e846747233c890e

SHA256: 1E0ADE1DBC571A5EA44796097FC1813A968C3706B5E4A0E5F4B521CD1D07FFA7

File Size: 2.01 MB, 2012408 bytes

MD5: 6a66ac879c6aba85546c7b33042692cb

SHA1: 225291f598873acc4b59f652efa8186ecb2c1165

SHA256: 7E1E95D5DCFE7F19934AEBBCC47DAE861AD66269D08C2DE3A069E388C66ADF4A

File Size: 179.89 KB, 179891 bytes

MD5: 06335b2f36babb1106f2eb67ddfd4f84

SHA1: 47812773cae10f8a3e0867768df7b1f9793f281d

SHA256: E764B8D9B4E5CDBE67B302F101930BF85900179BAAB9592296030DAE808BF81D

File Size: 607.08 KB, 607078 bytes

MD5: 5376cfc9ad8d0a1c35a8162007ab47fc

SHA1: d9a9e2bf8b07589ef3270e9781a99a739ed61768

SHA256: 7ABB8545DFEE9D8F1FAE46A28A62F556F72AED80776A17CDCB7F9EE182AAB35B

File Size: 180.48 KB, 180482 bytes

MD5: a500983daf2cc44eef605f3a6adf7b21

SHA1: 26525f8e52def3d33f1d39916a494dd1670f40d1

SHA256: F193869F6CA7532D5795549E52703F69CA418ADB41A5390C404663018D3F656C

File Size: 2.24 MB, 2240848 bytes

MD5: 89396361c00eb92eed93fa38ce4e7c30

SHA1: 779a810dddf9334704e692aa7bd487d20ce72dc6

SHA256: 267C20E1EF44C70FD693782ECC60F629F950A205526F2F250BBF8A7F998BF528

File Size: 34.73 KB, 34725 bytes

MD5: 0ad7e349cdf976aa7c23945585e55bd0

SHA1: e139206ce9e7ce9f2aa607c55d1a87033dc0866e

SHA256: 7329071147051303E31B3451CBBDAA0AE9DF59B190C445CA5E070039CB55B716

File Size: 93.57 KB, 93574 bytes

MD5: 59692a8fad700391592637cfbae0a9c0

SHA1: 775f3bff2753f702f4f67a515b4452847865c419

SHA256: 28CA9137276C2EBB967F8BF51A3A584D2E290B10AE38CAB65C15402FD2257909

File Size: 153.75 KB, 153746 bytes

MD5: 6033e1e698d430f4d0dd9cfb4d94b9fb

SHA1: b6dde88f55d975fb25467b213c628665480e7d30

SHA256: 0E7313F311CF24207FFCD4956B0CC6826482596EB556D6E4183843B86C9B62ED

File Size: 15.36 KB, 15360 bytes

MD5: 2928cfc48113db40d48ecab0768502b1

SHA1: 73a60ef2781456b01a55dc3bca6c83aa96b6a174

SHA256: 93139BAE9D7FBDF489D10579992C921AD88228E25C7495A29D7B6A0C08DCFCB1

File Size: 760.38 KB, 760376 bytes

MD5: 8925f28fd29d5910f0f9b599ab1ddd0d

SHA1: 706e86757582e5c90d04595487b7edefc80cea54

SHA256: FB2DCB3F040DE63CECA41ED82F933691826AF0CF031417D3F3F6063FFA28CF25

File Size: 1.91 MB, 1914176 bytes

MD5: 6f7f45d0b3fd1c2a4c08239aaceec193

SHA1: 71fd4f14f6a909ff36e45eb101b109fd675cbd21

SHA256: 221D6C46063B09DC4C9408154DD1E38BA276CF95AE7CD0A24215EECF191F3672

File Size: 56.00 KB, 55996 bytes

MD5: 1deb95e098174cdc5ca13186481a7912

SHA1: 8113df241fc69dc7d909fbc19ac08f05e12892ff

SHA256: 2821853144388B72E0885C6E07D0A891155D4C870C925C104FF387EFC4698156

File Size: 2.57 MB, 2567654 bytes

MD5: d930ecf3e4c4aeb237186aa0858a38b9

SHA1: e3e657fb2fac57cd83bc77e7782f406f559be3f0

SHA256: C6F134B6FAC9E6165F47EB9F05973E698078CAF7EB1211FC4F6313338E385B30

File Size: 56.01 KB, 56007 bytes

MD5: 7c7f213a19f219487347f27233642d74

SHA1: 1b5fcf082f42c8641493eb7a399a1d846a4682e1

SHA256: B23952D759F78A5EB632E6B052E255C2EB1D30B571F2ED5EEA020662720B3CB3

File Size: 334.16 KB, 334157 bytes

MD5: 40c5a3f965e8d178e24c5e820b55746d

SHA1: 9116d8b4bdb20b8ab73eecc74d072f5da5a0b854

SHA256: ECB9F75D5158804B1342A82156C9C2114FCECE89DB230C22747EF261853FC767

File Size: 116.16 KB, 116164 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
Future Technology Devices International Ltd	Class 3 Public Primary Certification Authority	Hash Mismatch

File Traits

$Id: UPX
.UPX
2+ executable sections
big overlay
HighEntropy
No Version Info
packed
upx
UPX!
WinZip SFX

x86
ZIP (In Overlay)

Block Information

Similar Families

Downloader.Agent.T

Files Modified

File	Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\00005fb4_rar\c535a20293268bd9d3ee6a9672eee4f9dd089bb9_0002010485	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\00005fb4_rar\c535a20293268bd9d3ee6a9672eee4f9dd089bb9_0002010485	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\00013eaa_rar\c457417a9fdc181d4e3950bf3e846747233c890e_0002012408	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\00013eaa_rar\c457417a9fdc181d4e3950bf3e846747233c890e_0002012408	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\fe206b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe30bc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe3eda.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe4443.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe5d51.tmp	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\fe6041.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe6182.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe6571.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe690.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe7148.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe8001.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fe8fa0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fea6f9.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fea87f.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\febc40.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fec2a6.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fec6cb.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fecf64.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fed4b7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fedde4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fede38.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fedf70.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fefe14.tmp	Generic Write,Read Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Û	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	é	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	鱞댶	RegNtPreCreateKey
HKCU\software\apcr::u2_0	⏑	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Ù	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ƒ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://erenkarahan.com/images/logo.gifhttp://gutekpl.za.pl/lo	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Other Suspicious	AdjustTokenPrivileges

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Downloader.Agent.T

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Related Posts

Trojan.Downloader.Agent.TFA

Trojan.Downloader.Agent.TJ

Trending

BestArcadeHits

Trojan.Downloader.XB

Welsworn.info

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...