Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Rugmi.GD

Trojan.Rugmi.GD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 179
Threat Level: 80 % (High)
Infected Computers: 4,560
First Seen: May 7, 2025
Last Seen: May 19, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Rugmi.GD
Signature status: No Signature

Known Samples

MD5: 69a7fdb8f9f22f166f23920c1cbfd2b3
SHA1: d872f7b5212188d9ce3300801ed3f7aeb3d003fd
SHA256: 87B2EF3FACBDA2045AAF6A9052F3E1F4EECFEB8EA6B27FBB5FEBEA3C6351BB01
File Size: 3.85 MB, 3845120 bytes
MD5: f57afcaed5dabd287d56cd382f447dcb
SHA1: 99d5b3b0b69108415797a14156ef80a1ee291665
SHA256: DB702D6043B30CCDE040D6E615C0E587E4C7919CE9B64451239CF91413145AA9
File Size: 3.85 MB, 3845120 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • CryptUnprotectData
  • fptable
  • HighEntropy
  • No CryptProtectData
  • No Version Info
  • x86

Block Information

Total Blocks: 13,816
Potentially Malicious Blocks: 4,067
Whitelisted Blocks: 8,695
Unknown Blocks: 1,054

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x x x x x x x x x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 x 0 0 x 0 0 0 x 0 0 0 x 0 0 x x 0 0 x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 ? 0 x x 0 0 x x 0 0 x x x 0 x 0 x 0 x 0 ? 0 x 0 x 0 x 0 ? 0 x 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x x 0 0 x x 0 0 x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 x x x ? ? ? x x x x x x x 0 x x 0 0 0 x x x x x 0 x x x ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 x x x 0 x 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 ? x 0 x 0 x 0 ? ? ? x 0 x 0 0 0 0 0 0 x 0 0 ? ? 0 ? ? 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 x 0 0 0 ? 0 x 0 0 0 0 0 ? 0 ? 0 0 0 0 x 0 0 x x 0 x 0 x x x 0 x x 0 x 0 0 0 0 x 0 0 0 0 0 ? 0 0 ? ? ? x 0 0 x 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? ? x 0 0 x 0 0 0 0 x x ? ? x ? ? ? x x x 0 0 ? x 0 0 0 0 x 0 0 0 ? ? x 0 0 0 0 0 0 ? 0 ? 0 ? ? ? ? ? 0 ? x ? 0 0 0 ? ? x x 0 x x x x x 0 x x 0 x ? ? x ? 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 x 0 x x ? ? x x x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? x x ? ? 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 ? 0 x 0 0 0 x x 0 ? 0 x x x x x 0 0 0 0 0 x 0 x 0 0 0 0 0 x 0 x x x x x x x 0 x 0 ? 0 0 x x x x x x x ? ? 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 x 0 x x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x ? ? ? 0 ? x x 0 ? 0 0 ? 0 0 ? ? ? ? x x x x ? x 0 0 0 0 ? 0 ? ? ? 0 0 0 0 ? 0 0 0 0 ? ? ? 0 0 0 ? ? ? ? x 0 0 0 x x ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 x 0 ? 0 0 0 x x ? x x ? ? ? ? ? x x x ? x ? ? 0 ? x x ? 0 0 x x 0 x x ? ? ? 0 0 0 x 0 0 x x 0 0 x x x 0 0 0 0 0 x ? 0 0 x 0 x x x 0 x x x 0 0 ? x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 0 0 0 x x x x x x x 0 x 0 0 x 0 0 0 x x x x x x ? 0 x ? 0 x 0 0 0 0 x x ? ? ? x 0 ? x x x x 0 x 0 0 0 x 0 0 0 x x 0 0 ? x ? 0 ? ? ? ? 0 x x ? 0 ? 0 0 0 0 x x x 0 1 x x x x x 0 0 0 0 0 0 x x ? ? ? ? ? 0 0 x x 0 x 0 0 0 0 0 0 x 0 0 ? x 0 ? 0 ? x 0 0 ? 0 0 0 0 x 0 x 0 x 0 x 0 0 0 ? x x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x 0 0 0 x x 0 0 0 0 0 x x 0 0 x 0 x 0 x x x x 0 0 x x x 0 0 0 0 0 ? x ? x x 0 0 x 0 0 0 0 0 0 ? 0 0 0 0 x ? 0 0 0 0 x 0 0 0 0 x 0 0 x x 0 x x x 0 0 0 0 0 0 x 0 0 x x 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x 0 0 x x x x ? 0 0 x 0 x x x x 0 0 0 0 x x 0 0 0 x 0 0 0 x 0 0 0 0 0 ? 0 0 ? 0 ? ? ? x 0 0 0 x 0 x x 0 0 x x x x 0 x ? 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x ? x x ? 0 0 0 0 0 0 0 0 x 0 0 x x x x x 0 0 0 x x 0 ? 0 0 0 x ? x ? 0 0 x x 0 0 ? x x x x ? x x ? ? ? x 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 ? ? ? x ? ? ? x ? ? ? ? 0 0 ? 0 0 0 ? ? x 0 x 0 0 ? 0 ? ? 0 ? x ? ? ? 0 0 x 0 0 0 0 ? 0 x 0 0 0 0 0 ? ? x 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 x x 0 ? 0 ? x x 0 x x x ? ? 0 0 0 0 0 0 0 0 0 0 0 x x ? ? ? 0 0 ? 0 x ? 0 0 0 0 0 0 x ? 0 0 0 x 0 0 0 0 ? x x 0 x x x x x x x x 0 ? 0 ? ? ? 0 ? ? ? x 0 0 0 0 x 0 ? 0 0 0 0 0 ? ? ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 x 0 0 0 x x 0 x 0 0 0 0 0 x 0 x x x x x x x x x x x x 0 x 0 x 0 x x x x 0 x x x x x x x 0 x x 0 0 x x 0 x 0 0 x x x x x 0 0 x 0 x x x x x ? ? ? ? ? x ? x x ? ? x x x x 0 0 x ? x x x x x 0 0 x x x 0 0 x x x 0 0 x x 0 0 x x x x 0 ? x x 0 0 x 0 x 0 0 x 0 x x x x x 0 x 0 x 0 0 0 0 x 0 0 0 x 0 x x 0 0 x 0 0 x 0 0 0 x x x x x 0 x x x x x 0 0 0 x x x x 0 0 0 0 x 0 x 0 x 0 x 0 x 0 0 0 0 x x 0 0 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 x 0 x 0 x x x x x 0 0 0 0 0 x x x x x x x 0 x x x 0 x x x x x x x 0 0 0 0 0 0 x x 0 0 0 x x x 0 0 0 x 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? 0 0 0 ? x ? x ? ? ? 0 x 0 x 0 0 x x ? ? x 0 0 0 ? x x 0 x ? x ? x 0 0 0 0 ? ? x 0 x x x x 0 x x 0 0 0 x x 0 0 x x x x ? x x x 0 ? ? x x x 0 0 0 x 0 0 0 0 x x x x 0 0 0 0 x ? 0 0 x x x x x x x x x 0 ? x x ? x x x x x x 0 x x x 0 0 x x 0 0 0 0 0 0 ? ? x ? ? 0 x 0 0 0 0 0 0 0 0 x x x x x x x x x x ? 0 x x ? 0 x 0 x 0 0 0 0 0 x x 0 0 0 0 0 x ? x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 ? 0 ? ? 0 ? 0 x ? 0 x 0 0 ? x 0 x 0 0 x ? x 0 0 ? ? ? ? ? ? ? 0 ? ? x ? x ? 0 0 x x x x 0 0 0 x x x ? x x ? ? ? ? x ? x ? 0 ? ? 0 ? x 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 x x 0 ? x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Crysteb.BA
  • Kryptik.UBWB
  • Rugmi.GD
  • Stealer.KF

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserName

Trending

Most Viewed

Loading...