Trojan.Gator.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 12,104
Threat Level: 80 % (High)
Infected Computers: 204
First Seen: November 4, 2017
Last Seen: January 3, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Gator.A
Signature status: No Signature

Known Samples

MD5: 7a6b7b608028bbdc426c76d93ba5fe88
SHA1: 53894baa2cd1381c06426df7f300fb42fe4f07a2
SHA256: 5CD812462B14D0474F2F658EE9905240075D3BA14316F0B67F494A10E10EC3D5
File Size: 283.17 KB, 283170 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Version: 4.2.0.1
Original Filename: Trickler.exe
Product Version: 4.2.0.1

File Traits

  • x86

Block Information

Total Blocks: 993
Potentially Malicious Blocks: 539
Whitelisted Blocks: 453
Unknown Blocks: 1

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gator.A

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\wow6432node\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}::uets 偉쑪㌏⭑ RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}::gef @ RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler::firststartvalue ͉ RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\gator\dyn::pdpfirststart 841:NEW RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\ginternet\proxy::enabled RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\gator\stat::guid 6B943565-F3E8-4983-BEBA-E7D3E6CD07FB RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}::gmg 6B943565-F3E8-4983-BEBA-E7D3E6CD07FB RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::filedones RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::urltime RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::urlsize ￿￿ RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\dl::storedfile RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\chk::checkfailures RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\chk::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\silentsetup\chk::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::filedones RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::urltime RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::urlsize ￿￿ RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\dl::storedfile RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\chk::checkfailures RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\chk::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\bundle\chk::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::filedones RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::urltime RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::urlsize ￿￿ RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\dl::storedfile RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\chk::checkfailures RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\chk::attempts RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler\files\oemresdll\chk::errors RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler::starttime 七楚 RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\trickler::starttime 七楚 RegNtPreCreateKey
HKLM\software\wow6432node\gator.com\gator\stat::guid BAD6A22A-DFDF-424F-97F2-FDEF572738CC RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}::gmg BAD6A22A-DFDF-424F-97F2-FDEF572738CC RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Wininet
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
Network Winhttp
  • WinHttpOpen
