Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Rugmi.DBA

Trojan.Rugmi.DBA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rugmi.DBA
Signature status: Hash Mismatch

Known Samples

MD5: 72f671fcc9b51580f832c8cbe02ae3ca
SHA1: 609b9a5bd9d11717a0192159337eb7e467e9caef
SHA256: 96BF592B2A197DB48F0269CBB5F1C5E344A7F084D3FE2C0DE5C2F07B063339CA
File Size: 855.82 KB, 855824 bytes
MD5: d937752fb184e9df3114fe5cc321a383
SHA1: 51db2c96d8732bfe5e178c113325d2fac6c086d9
SHA256: B2B4A817147933A0AA6DC93C3F60C7C371232E606AB64DDC7D51B3C629BBC86A
File Size: 267.81 KB, 267808 bytes
MD5: e6850c770137332c4184dd0118f080f3
SHA1: 11e2b4e99d60b1dc5bafd2ca4e9f4b48a3ffc02e
SHA256: FC98025A94EEB0CF2D09E579189C00985EC4DE5AAA269BA32BDD06ECBC57C384
File Size: 855.82 KB, 855824 bytes
MD5: 53cb78e2a1bfa12ffb9187d4484e26bc
SHA1: f37433d26fb21d4b50489ee162dd88299eb41b34
SHA256: 5EFF7B4684D4A007CD6E0CCD1EEB7867774CF3C2A22C39425503A4D3D34062BC
File Size: 855.82 KB, 855824 bytes
MD5: 70cf9b301327576553a09641334c69d4
SHA1: aec909c82ecbc6af7630066d3d697e0951022e05
SHA256: A61E1EB88334A59FF28BF4139205A483A9EA64757985F0AC6F8ABCA5E59ABACA
File Size: 855.82 KB, 855816 bytes
Show More
MD5: a3e62d49c8c7df10d4913360604e4c4a
SHA1: 75df1dba9d35a8cbbe65eba27fdeb13a4d64049f
SHA256: CDAF6C751B974C61317112EE081E37CFCA546824C660691BA51686C0AB46D587
File Size: 855.82 KB, 855816 bytes
MD5: 46d8dca5c162b084beb3ee73f931efc2
SHA1: a76e5868f611a69aa8c0cf1f15ecf94a40b3ebae
SHA256: 96A1405084C9326E2B378DD82A42EA0358C99EE81A9B1BD3A1CD57B394634475
File Size: 855.82 KB, 855824 bytes
MD5: 4f3682a210a873e38ed6a5cb09bce3c3
SHA1: 888b30229d43c318ccbe723ea5275c03d51bb651
SHA256: 37FBD8018735D470683996BAC770750154464182E971961563E896FF74D2784D
File Size: 855.82 KB, 855816 bytes
MD5: f5e9ee7445b3d73eaf6b93ccfe5b931d
SHA1: c5b69a6a008f7494a774fe5e03cd19a5a14c4ae7
SHA256: BEE589D01516A7825B6A9364159496C6B573B4691F5B0F4F11DE944450CDE7F6
File Size: 855.82 KB, 855824 bytes
MD5: 17d6f7d371f63bbaca0eb06bcc089f6b
SHA1: a8eafeb287e9de4b3f1adee440eb184d6055f3a7
SHA256: 2E973CD968D8F2A46A189473893D7886E35EF7D84FF533DB9E99FB98E7E6984E
File Size: 145.45 KB, 145448 bytes
MD5: 5bdad28ab6e93df014cb340e3cf9ffe8
SHA1: 1071172745bc02da7c633b7ba25b1059b2517f7b
SHA256: BB9741E05DD51B5CEE78D03D9EB29CD67FC40B63270374735BF865A5687ECC61
File Size: 855.82 KB, 855824 bytes
MD5: 1ade606013de7a15c9188d97a6968185
SHA1: 4dcc973a6d3d0f317e6f66e5c251c0b848dee908
SHA256: C9537A16DC6A63C18360758DB6288ED78FEA6905F434EDB20FE504F05A6DBA13
File Size: 855.82 KB, 855816 bytes
MD5: e156f7a82844f944671c798ce1e63c29
SHA1: f0da65c53b0c128a5f5e5a4af3f64ef733205ddd
SHA256: 04FB3E3A100843A646F8041AB17BA05449B4B9FEE9E36D65246FF6DABDE4A323
File Size: 855.82 KB, 855816 bytes
MD5: 8abb3910d85533e1c640b3149e16ccd1
SHA1: 4a9c0bdd6ce1fcfe0457232a3e85a446c78246bc
SHA256: 7141B3BFCA77FF39A0B40F1C12F501F49E4830F65FFDCDF4B848BC7D13DD46BF
File Size: 855.82 KB, 855816 bytes
MD5: 84c7935a73927ea7ef2d2dc32fe8fc6e
SHA1: a2f8814e979a987520fa0ad3146389bc5799b61d
SHA256: 01B0532CE0918E562CBDCDAD7C5CB0AC6E0448F2CAD8D41F667D23AA363B8CC2
File Size: 855.82 KB, 855824 bytes
MD5: b6a0cadd19b7510c181070af45bad9bb
SHA1: 359d2a61102bc3dca9a8ae86de4f6ffb23a47852
SHA256: EC40EB10DA3A5A17845E65F10F358FECD28CC660BA19582E443B851EF7686E2D
File Size: 855.82 KB, 855824 bytes
MD5: 2f5e462ed9edf5e35e9dc96acbf1fa11
SHA1: f2603fe481362b6da3714cc1e73b5d78b3aed097
SHA256: 68532E0D9B35A78E78BDD3F4E06D81B0337D5452D098618334481C5FC4246A87
File Size: 855.82 KB, 855816 bytes
MD5: 61a415af8a13067d498e12d41bd64e53
SHA1: 95f777a9c0e1c0d8bb2d86236de2c5ce4ceecafe
SHA256: 4C1C6FB8508867E7F9BFCC2667DDC3CEE778B71E88742BFB4875A32F72097351
File Size: 467.51 KB, 467512 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Microsoft Corporation
  • TODO: <Company name>
File Description
  • Code Coverage Static Runtime
  • Microsoft Coverage Symbol Engine Interop
  • TODO: <File description>
  • Visual Studio Crypto Info
File Version
  • 17.2.25126.612603
  • 17.0.36024.17 built by: d17.14
  • 17.0.35710.127 built by: d17.13
  • 2, 1, 0, 21-d-5e94740
Internal Name
  • Microsoft.VisualStudio.Coverage.Symbols.dll
  • static_covrun32.dll
  • TSLogSDK.dll
  • VSCryptoInfo.dll
Legal Copyright
  • Copyright (C) 2020
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • Microsoft.VisualStudio.Coverage.Symbols.dll
  • static_covrun32.dll
  • TSLogSDK.dll
  • VSCryptoInfo.dll
Product Name
  • Microsoft® Visual Studio®
  • TSLogSDK
Product Version
  • 17.2.25126.612603
  • 17.0.36024.17
  • 17.0.35710.127
  • 2, 1, 0, 21-d-5e94740

Digital Signatures

Signer Root Status
Tenorshare Co., Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Tenorshare Co., Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
Tenorshare Co., Ltd. DigiCert Trusted Root G4 Root Not Trusted
Tenorshare Co., Ltd. DigiCert Trusted Root G4 Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2011 Hash Mismatch

File Traits

  • Default Version Info
  • dll
  • fptable
  • x64

Block Information

Total Blocks: 1,520
Potentially Malicious Blocks: 2
Whitelisted Blocks: 1,458
Unknown Blocks: 60

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 1 1 0 ? 0 0 x ? 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 ? 1 ? 0 0 0 0 0 1 1 0 ? 0 ? ? ? 0 0 ? 0 1 1 0 1 0 ? 0 0 1 ? ? 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 ? ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Rugmi.DB
  • Rugmi.DBA

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
Show More
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Trending

Most Viewed

Loading...