Trojan.Lefimy.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 13,521
Threat Level: 80% (High)
Infected Computers: 22
First Seen: March 28, 2025
Last Seen: May 5, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Lefimy.A
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Build Date 14.01.2009
Company Name Bank's Soft Systems
Company Name Synaptics
File Description
  • BSS system file
  • Synaptics Pointing Device Driver
File Version
  • 3.17.3.1020
  • 1.0.0.4
Legal Copyright (C) 1998-2009 Bank's Soft Systems
Product Language RUSSIAN
Product Name DBO Bank-Client
Product Name Synaptics Pointing Device Driver
Product Version
  • 3.17.3.1020
  • 1.0.0.0
Sale Release 17.3
VS_Version 3

File Traits

  • No Version Info
  • packed
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\bs-internetclient\bssetuplog\bssetup.log Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxfc28.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\7vdq5li.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l5\5\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_f6a8c8276cca8706dfdc9225996dcb4581260695_0002508800 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_f6a8c8276cca8706dfdc9225996dcb4581260695_0002508800 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

runas c:\users\user\downloads\._cache_f6a8c8276cca8706dfdc9225996dcb4581260695_0002508800
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate