Trojan.Rugmi.GE
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Rugmi.GE |
|---|---|
| Signature status: | Hash Mismatch |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
46b8abeee9d7aeae53c4f9f20931cffb
SHA1:
e2361e6f76415b0018a70d805573ed1148c5b704
SHA256:
CE42AD239D792EEE8DDC114E5FA33CD11C8F1EAA4C254988BC98F392F90C7F9F
File Size:
436.22 KB, 436224 bytes
|
|
MD5:
9d38221c1dcf4ec9d994c14930fc7188
SHA1:
6940446798967cf44396e47901e30060c48a26b2
SHA256:
89E7AB631ADFA4050505A2E10C04077B2D38569E7AA279FB8352F4AE8EBF9FE5
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
83cb08b1ce207038fcd63d8b44baacdb
SHA1:
0c5814dd22013f4152b3b6877f16ffb6e3d9a2dc
SHA256:
953FBB66A005DFC4AD91B67AA570F54AFB8A61D0176F0136015773DD36955AD0
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
a8fd0ea53bb6bb5fabd54a47e5c6f921
SHA1:
8352866a8cc87b8855a72cfc9e47ffe00b33199e
SHA256:
CC41C9556ADCB194F3A2E80801EC0DE6861A8EC7E667DAFF69BF4E541534834B
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
f586f11f3191107dda8597b30cfd514c
SHA1:
a80af83230bedb3d2cec849030eee20fee0712a4
SHA256:
5AF18BDF118C0B3907B290A8F31717D511CEE01FB18D1AFA94821E5372192266
File Size:
472.98 KB, 472984 bytes
|
Show More
|
MD5:
d9c63a05aaf87ef2a13169f295c2be3c
SHA1:
9420ab375062d468706c35fcae280d58243edce9
SHA256:
1043D7EDCD035B6F0147F00CE11E20226EFE0E2FBD500585BF5B431631870631
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
fcf09a4425b4ef6c0f9688ed25eb7e3a
SHA1:
18b949953baa1276bf55d3efaf79b258fe8ee6a9
SHA256:
D649CB76921E355F9CC3542EAE434D1DC29661D2DE9CD5E3CCD055F7DCBCC65B
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
57d40b3effd7eddb7e5d158aa3c3de44
SHA1:
e336d1440d742fa2858a38edf388536cdce94f54
SHA256:
20FF163977526BFDEC593D818D583210D16D84A09BDC850ABA581C37FFC2E0C2
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
2136101df587f02635d252dcb3a939d7
SHA1:
d3212bdb6c4987f000e1138d3403d47c061e994d
SHA256:
536FE5F00FE96458A66331C9EC8F123C27CE900C76129C91B29255A2FF88FEEC
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
2eeede3296278f46134e4a9e56002c3f
SHA1:
5fd6504f6743a3340ae98d0473588a860d693a22
SHA256:
649F8DC606F6428A546C9CF107DF1D424035D8723A39F36F5CE089DF9794CF3C
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
9258632793571f029ce5927465ccd5ee
SHA1:
901d79f4cdceaf5b30c3e441b2ca2fe520b60f71
SHA256:
6A8CBF51DE94F65E590559F10A2CB9C30FCC61824F7DD0F58F57D8491BBBAF69
File Size:
6.10 MB, 6101831 bytes
|
|
MD5:
570d7d99d844b1ae0cb069b64e327994
SHA1:
1f81deaf302ff6131090433812afdd7daba1c7bc
SHA256:
C2C6B1611AB4B4277BD581613B35DF0F28BBAFF4BACDA66DF01A40A1C2785761
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
80392f49e8c1ec0a46eef1666bee0940
SHA1:
d7659b741db4e0422386e0d7e3c7e33e3e0d5bbd
SHA256:
F88797710C3BBEECFB0434E4328E6B1CEB6D572005C42FE27417B095D1BEBA6E
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
8e4c167c1f89adc65758187c37844bba
SHA1:
90034e1604e6b3f044d5044b1ef8b0196da549a0
SHA256:
35CEC5BC5A02598970F00FFFC5533738060059D45239B3A354738A3E8A8FCF46
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
735e80edeba9435af76a49d852b68b69
SHA1:
a96055ab8e9eb143a0534b6dc77f629332892217
SHA256:
152EA3DCA4EF34D26007050587D344EDA71C8BD65E1A640423198EE382495077
File Size:
472.98 KB, 472984 bytes
|
|
MD5:
4168145a6ba2fbf27c80ab32f8ceb173
SHA1:
d697317f595e9ded4a7162825bd6ab473f8237ff
SHA256:
40A191D9DF24F960A53E798B11C16C4BE15576716DC351CF6FC7F9ED4E9C1F4B
File Size:
472.98 KB, 472984 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name | setup |
| Legal Copyright |
|
| Original Filename | iconolatry.exe |
| Product Name |
|
| Product Version |
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Comodo Security Solutions Inc. | Microsoft Identity Verification Root Certificate Authority 2020 | Hash Mismatch |
| Comodo Security Solutions Inc | Sectigo Public Code Signing Root R46 | Hash Mismatch |
File Traits
- dll
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 460 |
|---|---|
| Potentially Malicious Blocks: | 28 |
| Whitelisted Blocks: | 431 |
| Unknown Blocks: | 1 |
Visual Map
x
0
x
x
0
x
x
x
x
0
0
0
0
0
x
x
0
x
x
0
x
0
0
0
0
0
0
0
0
x
x
x
0
x
x
0
1
0
0
1
x
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
x
x
0
0
0
0
x
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
