Trojan.Pepex.C
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 3,662 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 957 |
| First Seen: | September 3, 2022 |
| Last Seen: | April 12, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Pepex.C |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Original Filename | |
| Private Build | |
| Product Name | |
| Product Version | |
| Special Build | |
File Traits
- .petite
- 00 section
- 2+ executable sections
- big overlay
- HighEntropy
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 9 |
|---|---|
| Potentially Malicious Blocks: | 5 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 4 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Banker.J
- Banker.JJ
- Banload.Z
- Keygen.FG
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\downloads\trace.log | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Other Suspicious | |
| Anti Debug | |
| User Data Access | |