Trojan.Dropper.Fignotok.D

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	10,140
Threat Level:	80 % (High)
Infected Computers:	910

First Seen:	September 27, 2021
Last Seen:	December 22, 2025
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Dropper.Fignotok.D
Signature status:	No Signature

Known Samples

MD5: 61e3e03a51eab9bd42f21ae8af307f7f

SHA1: dd9abd85e8211be14ccedbf9a900d2f387f05f01

SHA256: F65CDC113D1636A7E69DDBB8490FF38DC637692E17EC30A274848CFB60BB97A0

File Size: 1.30 MB, 1295247 bytes

MD5: baba236939fc686d5f1f2fe53d71d8e2

SHA1: a84ebfeb81d79315f14a2d12df6f34e6ba73d017

SHA256: FF25C7EA8C81D430BD373C7B5A5DC0C48CDB0CBCFA8BA1F54C22DA26808258B0

File Size: 1.28 MB, 1282560 bytes

MD5: a8c0e34e4efa04597a1075bd7a957adb

SHA1: 1fe65cf77335148bb72da00ad7159ff4f5e93b66

SHA256: 397A805257E321FD2FA5A646B265DE22D2B5D5C6C0152E9BFBF40ABB0B1A2AEB

File Size: 1.29 MB, 1290270 bytes

MD5: 630362b7d8d44bc2702c82e166d4ba3d

SHA1: 9855dcaedde39676525843a32eea1484517ad2c2

SHA256: 40684C514C9ECD2836187350C5E9EC47529346F22288C3D43623D3D8D928D30F

File Size: 1.28 MB, 1282560 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

2+ executable sections
HighEntropy
No Version Info
x86

Block Information

Total Blocks:	248
Potentially Malicious Blocks:	207
Whitelisted Blocks:	41
Unknown Blocks:	0

Visual Map

0 0 0 x x x x 0 x x x x x x x 0 x x x x x x x x x x x x 0 x x 0 x x x x x x x x x x x x x x x x x x 0 x x 0 x x 0 0 x x x x x x x x x x x 0 x x 0 x x x x x x x x x x x x 0 x x x x x x x 0 x 0 x x x x x x x x x x x x 0 0 x x x x x x x x x x x x x 0 x x x x 0 x 0 x 0 x x 0 x x 0 x x x 0 x x x 0 x x x 0 x x x x 0 0 x x x 0 x x x 0 x x x 0 x x 0 x x x x x x x x x x 0 0 x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Dropper.Fignotok.D

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::aformattagcache		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::aformattagcache	2	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::cformattags		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::aformattagcache		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::aformattagcache	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::aformattagcache	U	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::cfiltertags		RegNtPreCreateKey

Windows API Usage

Category	API
Keyboard Access	GetKeyState

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Dropper.Fignotok.D

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Bingo Master Ads

Adware.Search Safer

Backdoor.Bifrose.O

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen