
Trojan.Rugmi.HA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rugmi.HA
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer                               | Root                                 | Status
AOMEI International Network Limited  | Sectigo Public Code Signing Root R46 | Hash Mismatch
AOMEI International Network Limited  | Sectigo Public Code Signing Root R46 | Hash Mismatch

File Traits

  • dll
  • HighEntropy
  • ntdll
  • x86

Block Information

Total Blocks: 1,520
Potentially Malicious Blocks: 631
Whitelisted Blocks: 887
Unknown Blocks: 2

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File                             | Attributes
c:\windows\syswow64\log\reg.log  | Generic Read, Write Data, Write Attributes, Write Extended, Append Data

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e3fe962200dd964c79b909da9747128ed047ce99_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\28e3de30632d37e397be8125603d7ed6c3740037_0000614400.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\40ff6ede8bb467fce0d0c8403b6962592809e020_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f727dd29987fc01db85741fc4fa01f6ea38e1d8_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c4c77e9b9b4d1d5dbdc33000910a89f8da67899e_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\46872e351c7efdb4eb1c50e3078bb2bf0b4debac_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f89df599bc80e3b8a71c58f2a70de4277fed4335_0000603376.,LiQMAxHB
