Trojan.Rozena.Y

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 673
Threat Level: 80 % (High)
Infected Computers: 4,123
First Seen: April 24, 2024
Last Seen: February 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Rozena.Y
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • For additional details, visit PortableApps.com
  • This installation was built with Inno Setup.
Company Name
  • Igor Pavlov
  • PortableApps.com
  • Prefeitura Municipal de Santos
  • Simon Tatham
File Description
  • 7z Setup SFX
  • Folha_de_Pagamento Setup
  • PuTTY Portable
  • SSH, Telnet and Rlogin client
File Version
  • Release 0.62
  • 9.20
  • 1.1
  • 0.61.0.0
Internal Name
  • 7zS.sfx
  • PuTTY
  • PuTTY Portable
Legal Copyright
  • Copyright (c) 1999-2010 Igor Pavlov
  • Copyright © 1997-2011 Simon Tatham.
  • PortableApps.com Installer Copyright 2007-2010 PortableApps.com.
Legal Trademarks
  • PortableApps.com is a registered trademark of Rare Ideas, LLC.
Original Filename
  • 7zS.sfx.exe
  • PuTTY
  • PuTTYPortable_0.61_English.paf.exe
PortableApps.com App ID
  • PuTTYPortable
PortableApps.com Format Version
  • 2.0
PortableApps.com Installer Version
  • 2.0.8.0
Product Name
  • 7-Zip
  • Folha_de_Pagamento
  • PuTTY Portable
  • PuTTY suite
Product Version
  • Release 0.62
  • 9.20
  • 1.1
  • 0.61.0.0

Digital Signatures

Signer | Root | Status
Rare Ideas, LLC | Rare Ideas, LLC | Self Signed
Steffen Hoehne | Steffen Hoehne | Self Signed

File Traits

  • 2+ executable sections
  • HighEntropy
  • imgui
  • x86

Block Information

Total Blocks: 1,172
Potentially Malicious Blocks: 0
Whitelisted Blocks: 1,172
Unknown Blocks: 0

Similar Families

  • Rozena.Y
  • Tenga.A

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\findprocdll.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\installoptions.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsp5e6e.tmp\iospecial.ini | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\modern-header.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\modern-wizard.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5e6e.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz5e5d.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
User Data Access
  • GetUserName
  • GetUserNameEx
Keyboard Access
  • GetKeyState
