Trojan-Downloader.Win32.Agent.ahoe

By GoldSparrow in Trojans

Translate To:

Threat Scorecard

Popularity Rank:	1,459
Threat Level:	80 % (High)
Infected Computers:	548,776

First Seen:	July 24, 2009
Last Seen:	April 14, 2026
OS(es) Affected:	Windows

Trojan-Downloader.Win32.Agent.ahoe is a trojan horse virus that typically infiltrates the computer from rogue websites or through file sharing programs. Trojan-Downloader.Win32.Agent.ahoe downloads malicious content from the Internet and executes them on the compromised machine without user knowledge or approval. Trojan-Downloader.Win32.Agent.ahoe creates its own registry entry to ensure that it begin running every time Windows starts up. Trojan-Downloader.Win32.Agent.ahoe typically appears listed in the scan results of the rogue anti-spyware program Windows Antivirus Pro.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Downloader.Generic12.XJL
Fortinet	W32/Downloader_x.GCN!tr
AntiVir	TR/Agent.dpp.2
Kaspersky	HEUR:Trojan.Win32.Generic
eSafe	Win32.TRAgent.Dpp
Avast	Win32:Agent-APGZ [Trj]
McAfee	Generic.dx!bcx4
Ikarus	Trojan.SuspectCRC
AhnLab-V3	Win-Clicker/Agent.499712
AntiVir	TR/Gendal.kdv.300198
BitDefender	Trojan.Generic.KDV.300198
eSafe	Win32.WS.Reputation
McAfee	Artemis!764155503436
Panda	Trj/Downloader.QBT
AVG	Delf.EKJ

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Trojan-Downloader.Win32.Agent.ahoe may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	tcharar.exe	fb499993c46f50b75f102d5d59b61eb2	9,924
Name: tcharar.exe MD5: fb499993c46f50b75f102d5d59b61eb2 Size: 992.09 KB (992091 bytes) Detections: 9,924 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe Group: Malware file Last Updated: September 12, 2023
2.	NetUpdService.exe	ac9fa3514f1313c92ae5a52938a50d9a	1,483
Name: NetUpdService.exe MD5: ac9fa3514f1313c92ae5a52938a50d9a Size: 2.95 MB (2956288 bytes) Detections: 1,483 Type: Executable File Path: C:\WINDOWS\SysWOW64\NetUpdService.exe Group: Malware file Last Updated: March 5, 2026
3.	lsmsrv.exe	b262a3f123fc2ad625654813cf3c3734	84
Name: lsmsrv.exe MD5: b262a3f123fc2ad625654813cf3c3734 Size: 6.14 KB (6144 bytes) Detections: 84 Type: Executable File Path: C:\WINDOWS Group: Malware file Last Updated: September 5, 2018
4.	Client.exe	1362cac64386ac917c3b91e29749740f	49
Name: Client.exe MD5: 1362cac64386ac917c3b91e29749740f Size: 58.88 KB (58880 bytes) Detections: 49 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe Group: Malware file Last Updated: June 26, 2020
5.	TssWpfWrp.exe	d017768239636f67bfafd5e02ec53918	29
Name: TssWpfWrp.exe MD5: d017768239636f67bfafd5e02ec53918 Size: 40.96 KB (40960 bytes) Detections: 29 Type: Executable File Path: C:\Windows\SysWOW64\TssWpfWrp.exe Group: Malware file Last Updated: October 21, 2022
6.	digital1610_Good_11cr13.exe	35164e8135d144bf04395e62461d2a0e	23
Name: digital1610_Good_11cr13.exe MD5: 35164e8135d144bf04395e62461d2a0e Size: 667.64 KB (667648 bytes) Detections: 23 Type: Executable File Path: C:\Program Files (x86)\Proxyfilter\Proxyfilter\digital1610_Good_11cr13.exe Group: Malware file Last Updated: August 11, 2024
7.	Server.exe	7f5b5834f8e8a25b7b6586b86091b72d	20
Name: Server.exe MD5: 7f5b5834f8e8a25b7b6586b86091b72d Size: 808.44 KB (808448 bytes) Detections: 20 Type: Executable File Path: %LOCALAPPDATA%\Default Folder Group: Malware file Last Updated: December 23, 2016
8.	mscorsvcw.exe	860a6d17959203f41a2ca6226270516c	15
Name: mscorsvcw.exe MD5: 860a6d17959203f41a2ca6226270516c Size: 77.31 KB (77312 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
9.	AGSService.exe	2d364060d6b042250a351507c0b6d556	9
Name: AGSService.exe MD5: 2d364060d6b042250a351507c0b6d556 Detections: 9 Type: Executable File Path: C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D} Group: Malware file Last Updated: October 17, 2018
10.	g666.tmp.exe	c7d0fd72924d39d78010aa13e5f1e3bf	5
Name: g666.tmp.exe MD5: c7d0fd72924d39d78010aa13e5f1e3bf Size: 239.1 KB (239104 bytes) Detections: 5 Type: Executable File Path: %WINDIR%\TEMP Group: Malware file Last Updated: October 24, 2025
11.	WindowsDefenderUpdate.exe	844430aac97001ca90f1e319711ba820	5
Name: WindowsDefenderUpdate.exe MD5: 844430aac97001ca90f1e319711ba820 Size: 325.63 KB (325632 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\Desktop Group: Malware file Last Updated: May 16, 2018
12.	get.exe	cd49e0979be34d51eee3606438184f52	4
Name: get.exe MD5: cd49e0979be34d51eee3606438184f52 Size: 67.35 KB (67357 bytes) Detections: 4 Type: Executable File Path: c:\Users\<username>\appdata\roaming Group: Malware file Last Updated: November 7, 2018
13.	4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424	00e7325c6b03ae161c5fbf755fa14739	3
Name: 4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424 MD5: 00e7325c6b03ae161c5fbf755fa14739 Size: 343.04 KB (343040 bytes) Detections: 3 Path: F:\5094385635852288\4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424 Group: Malware file Last Updated: March 25, 2021
14.	CasPol.exe	a7aaf4d9e10897faded9a4727a626900	1
Name: CasPol.exe MD5: a7aaf4d9e10897faded9a4727a626900 Size: 115.2 KB (115200 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
15.	rundl64.exe	bce7203e636f826142284d5ac72892ec	0
Name: rundl64.exe MD5: bce7203e636f826142284d5ac72892ec Size: 69.63 KB (69632 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 19, 2010
16.	msmsgs.exe	2ab1867e8b59176adbac333f6357e978	0
Name: msmsgs.exe MD5: 2ab1867e8b59176adbac333f6357e978 Size: 57.34 KB (57344 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 19, 2010
17.	iOmm100.exe	315dbe28016a28842556704148eba158	0
Name: iOmm100.exe MD5: 315dbe28016a28842556704148eba158 Size: 53.24 KB (53248 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 23, 2010
18.	ikwnmb.exe	dcb43c208a13b5c1cccebce576987b26	0
Name: ikwnmb.exe MD5: dcb43c208a13b5c1cccebce576987b26 Size: 126.46 KB (126464 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 1, 2010
19.	dealassistant.exe	1ae1c57db53066c7e1ef5076bb9b1b8b	0
Name: dealassistant.exe MD5: 1ae1c57db53066c7e1ef5076bb9b1b8b Size: 934.06 KB (934061 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 15, 2010
20.	retadpu77.exe	fc83423421cd2d1b09955e3aee7f29cf	0
Name: retadpu77.exe MD5: fc83423421cd2d1b09955e3aee7f29cf Size: 40.96 KB (40960 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 27, 2010
21.	mrofinu1000106.exe	3e9f2da6cd3519cb9320f9ba8ed92c72	0
Name: mrofinu1000106.exe MD5: 3e9f2da6cd3519cb9320f9ba8ed92c72 Size: 37.37 KB (37376 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 27, 2010
22.	retadpu1002397.exe	dde8bfd270ffeea1c763d1827734d0e4	0
Name: retadpu1002397.exe MD5: dde8bfd270ffeea1c763d1827734d0e4 Size: 35.84 KB (35840 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 27, 2010
23.	orz.exe	8a548d9d41f045b29884ecd682d4f1d1	0
Name: orz.exe MD5: 8a548d9d41f045b29884ecd682d4f1d1 Size: 86.01 KB (86016 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: May 18, 2010
24.	pridl.exe	cd88b89d5e4eb922a4e179a1be66aefc	0
Name: pridl.exe MD5: cd88b89d5e4eb922a4e179a1be66aefc Size: 11.26 KB (11264 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: May 18, 2010
25.	cpds.exe	fca86cdf5a1851c1c9c33726f0fc6c82	0
Name: cpds.exe MD5: fca86cdf5a1851c1c9c33726f0fc6c82 Size: 59.62 KB (59621 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: June 29, 2010
26.	file.exe	865cd7bf0e4612204bfaff0e11bfd166	0
Name: file.exe MD5: 865cd7bf0e4612204bfaff0e11bfd166 Size: 56.83 KB (56832 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Trojan-Downloader.Win32.Agent.ahoe may create the following registry entry or registry entries:

File name without path

fja9sdfh.exe

hhb91hih.exe

j0192udlkhas.exe

pdqjw9d8as123hdk.exe

pqjw9d8123hk.exe

svb98s12e.exe

svb98s15e.exe

svj9812e.exe

Regexp file mask

%ALLUSERSPROFILE%\FXGuard\fxnet.exe

%APPDATA%\Alianz.exe

%APPDATA%\fileSystem.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js

%APPDATA%\syse.sys

%APPDATA%\workk.exe

%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]

%HOMEDRIVE%\smartdata\bbaassd.exe

%HOMEDRIVE%\smartdata\fasfd.exe

%HOMEDRIVE%\SmartData\fhalslk.dll

%HOMEDRIVE%\SmartData\performer.exe

%HOMEDRIVE%\SmartData\servicer.exe

%HOMEDRIVE%\SmartData\svchost_ms.exe

%LOCALAPPDATA%\Audiodg\audiodgs.exe

%LOCALAPPDATA%\bbuy.exe

%LOCALAPPDATA%\Default Folder\server.exe

%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat

%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]

%LOCALAPPDATA%\WServices\performer.exe

%LOCALAPPDATA%\WServices\smaters.exe

%LOCALAPPDATA%\WServices\svsmst.exe

%Programfiles%\fuwu.exe

%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe

%PROGRAMFILES(x86)%\smartdata\asdd.exe

%PROGRAMFILES(x86)%\smartdata\asdffdf.exe

%PROGRAMFILES(x86)%\smartdata\bbaassd.exe

%PROGRAMFILES(x86)%\smartdata\fasfd.exe

%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe

%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe

%PROGRAMFILES(x86)%\SmartData\performer.exe

%PROGRAMFILES(x86)%\smartdata\servicer.exe

%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe

%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe

%TEMP%\networkservice.exe

%WINDIR%\gdp32.exe

%WINDIR%\imgsvc\imgsvc.exe

%WINDIR%\lsasc.exe

%WINDIR%\sysde32.exe

%WINDIR%\System32\NetUpdService.exe

%WINDIR%\system32\show.exe

%WINDIR%\system32\wbem\123.bat

%WINDIR%\System32\wmiex.exe

%WINDIR%\sysve32.exe

%WINDIR%\SysWoW64\NetUpdService.exe

%WINDIR%\SysWOW64\wmiex.exe

%WINDIR%\temp\bestfile1.exe

%WINDIR%\Temp\y2b.exe

%WINDIR%\winmds.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Machiner

SOFTWARE\MaxPlugs\Emmail

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window Update

SOFTWARE\Wow6432Node\Machiner

SOFTWARE\WOW6432Node\MaxPlugs\Emmail

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

eMail Extractor_is1

Emoticons Mail_is1

{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}

{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}

Directories

Trojan-Downloader.Win32.Agent.ahoe may create the following directory or directories:

%ALLUSERSPROFILE%\gramblr

%ALLUSERSPROFILE%\nirds

%ALLUSERSPROFILE%\tlrzjcfpeq

%ALLUSERSPROFILE%\yemjxjfcbj

%APPDATA%\ww.fm

%LOCALAPPDATA%\WServices

%PROGRAMFILES%\Procedure

%PROGRAMFILES%\Windows Utility Update

%PROGRAMFILES%\eMail Extractor

%PROGRAMFILES%\machinerdata

%PROGRAMFILES(x86)%\Windows Utility Update

%PROGRAMFILES(x86)%\machinerdata

%TEMP%\HWMonitor

%USERPROFILE%\SecurityHealthSystray

%USERPROFILE%\cabapi

%UserProfile%\AppXDeploymentServer

%UserProfile%\wksprt

Analysis Report

General information

Family Name:	Trojan.Downloader.Agent
Signature status:	No Signature

Known Samples

MD5: 4c87a98b06b25d056ba958054f6df7a0

SHA1: 78e7071501e35ab8f8a06920869088d23cd72898

File Size: 46.18 KB, 46183 bytes

MD5: b37f263aa3a12f66ac4cea307aa71bd5

SHA1: 7d39c32d4d5b78a79b1fe20121647f14d12958ee

File Size: 46.18 KB, 46180 bytes

MD5: 1b98bdc7a806091ddf1f929ff93abc97

SHA1: de04ec480dc52fd96f883fb177f2402497f268b2

SHA256: 888F878D224C18A884FA2C2A68A5EE869CFA23939D3114E70656ADD9BE7ABDBE

File Size: 46.18 KB, 46181 bytes

MD5: 2892e1c722fe4a15e9f6451be44b1c97

SHA1: 80c1237f62ff8ad6ddbe20b6b00c22ef3e72ec1d

SHA256: 470B8826F437B92C95A09D0F83016B9CA8D25FFF777C288013B2282552175EF4

File Size: 46.18 KB, 46180 bytes

MD5: 02bd686d7320405b38fcb84578ad9bf9

SHA1: 8c48ee4cd9b0fa70f305b7c4a3ab70a391b2f026

SHA256: 8F3D62B448BB53A5F39373CA296FB5E6E2C50814EC3CA3FDDC5299E56AAAEC30

File Size: 46.18 KB, 46183 bytes

MD5: 3d6dc175d4a640a344b09b0313e7621c

SHA1: b6c9d28d5dc128f4f44dc05f1714d2becc5b440d

SHA256: D8776458DE607BA71132DE5F6877EBFB6950786B1BE1649E22AAFEEC1A1ECDC4

File Size: 46.18 KB, 46179 bytes

MD5: fb33bad211ac5405443eeaad2cd4f324

SHA1: 307e6b510f1b8590adeb0514c8ee3db57d910d31

SHA256: D94EFDE45FC4367F5B61C4614453052AEC335D848C88D28A392D2446A8AFA16B

File Size: 1.52 MB, 1515520 bytes

MD5: b06df00c4478dc8e100e6af0079505dc

SHA1: 2f539c32b5b0fa8f042e161d674072ae13f67232

SHA256: A52BD84EDFC8BF9A2922A413FF0E6D9928EE1ED9620F19C0DF206FF28602BC9B

File Size: 39.67 KB, 39667 bytes

MD5: be57f871c1f3fd9f0fe98ea97de21a00

SHA1: 09339ea667e3f3975797b8fc41945b68502d544b

SHA256: D4C74959C9BEF137F42341AB7F6CC9F557CDD4635A79350015F3D8A86673DD3F

File Size: 568.84 KB, 568836 bytes

MD5: a100c083f48f3a7e9feceddbca264b07

SHA1: 7e66277d681bef8efadca551145ac66d45467a56

SHA256: 45FA1321764AC3D629A677C6F9F688EE1B73E19C20DE1DC173BBAFE8A47C14F6

File Size: 46.18 KB, 46180 bytes

MD5: 1c3c7bf76976c416e63684a8b91a8ca4

SHA1: 85869b92cad3e42aefc0121ba39c213e1951ffee

SHA256: 124C495B99C59ACFD5A1CD68E7AC6EA5DB257E65609083FED4C09AC6272200CE

File Size: 20.48 KB, 20480 bytes

MD5: 39550d26ac3111ddb2b284317d95a1ed

SHA1: 87a31244e944216d12231acbb9ce222f9131aba2

SHA256: A9E9FAD6E3487D0A32A0C34D25A78C95D30544A839EB2CF8CAD8041284B55E06

File Size: 8.19 KB, 8192 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
Company Name	noOrg
File Description	DotNet.Core
File Version	1.00 1.0.0.0
Internal Name	DotNet.Core.dll gg waits
Legal Copyright	Copyright © 2017
Original Filename	DotNet.Core.dll gg.exe waits.exe
Product Name	DotNet.Core Project1
Product Version	1.00 1.0.0.0

File Traits

.NET
dll
HighEntropy
No Version Info
vb6
x86

Block Information

Total Blocks:	16
Potentially Malicious Blocks:	0
Whitelisted Blocks:	11
Unknown Blocks:	5

Visual Map

0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nsa5a18.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa5a18.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa5a18.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa5a18.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa5a18.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb3091.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb3091.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3091.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb3091.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3091.tmp\system.dll	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\nsc5110.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc5110.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc5110.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc5110.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc5110.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf7ab9.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf7ab9.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7ab9.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf7ab9.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7ab9.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh57b1.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh57b1.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh57b1.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh57b1.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh57b1.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn540d.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn540d.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn540d.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn540d.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn540d.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq338e.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq338e.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq338e.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsra709.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsra709.tmp\pwgen.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsra709.tmp\pwgen.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsra709.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsra709.tmp\system.dll	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; Win64; x64; ovrFT49HUY	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; Win64; x64; ovrFT49HUY	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Nmqimwrn\AppData\Local\Temp\nsn540D.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovP2wW2d09	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovP2wW2d09	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fjxikcma\AppData\Local\Temp\nsc5110.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; WOW64; ovLqlLUcpU	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; WOW64; ovLqlLUcpU	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Zxtblvbb\AppData\Local\Temp\nsa5A18.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovYdEXgYaa	RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovYdEXgYaa	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Oosmxeyw\AppData\Local\Temp\nsh57B1.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovsyYj3YHK	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovsyYj3YHK	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Nfvsrdon\AppData\Local\Temp\nsb3091.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; WOW64; ov098YfArb	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; WOW64; ov098YfArb	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Syxcgwon\AppData\Local\Temp\nsf7AB9.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; Win64; x64; oQaf2tau	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; Win64; x64; oQaf2tau	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\626d5325-4419-4ac5-baae-1ad029bac7c6.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovpMK0rLE2	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\5.0\user agent::platform	Windows NT 10.0; ovpMK0rLE2	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
Encryption Used	CryptAcquireContext
Other Suspicious	SetWindowsHookEx
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection Show More ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan-Downloader.Win32.Agent.ahoe

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Vundo.HM

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen