
Trojan.Rugmi.LF

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rugmi.LF
Signature status: No Signature

Known Samples

MD5: 2a95ad72c92a85ace654e6fdf920880f
SHA1: 48d276c23fb7f8ff71e20bae58156eb6c349e71d
SHA256: 38A87D275385DDBF0149ED3A1FD777F190E77B90C2415C1CFD1CB7DFA0A2463C
File Size: 3.16 MB, 3160442 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Company Name: Oleg N. Scherbakov
File Description: 7z Setup SFX (x86)
File Version: 1.4.0.1795
Internal Name: 7ZSfxMod
Legal Copyright: Copyright © 2005-2010 Oleg N. Scherbakov
Original Filename: 7ZSfxMod_x86.exe
Private Build: June 27, 2010
Product Name: 7-Zip SFX
Product Version: 1.4.0.1795

File Traits

  • 7-zip Installer
  • 7zSFX
  • Installer Manifest
  • Installer Version
  • x86

Files Modified

File (access requested)
  • c:\users\user\appdata\local\temp\dik.ymo (Generic Write, Read Attributes, Synchronize, Write Attributes)
  • c:\users\user\appdata\local\temp\hashrate-supervisor16.exe (Generic Write, Read Attributes, Synchronize, Write Attributes)
  • c:\users\user\appdata\local\temp\iert.dwhp (Generic Write, Read Attributes, Synchronize, Write Attributes)
  • c:\users\user\appdata\local\temp\msvcr100.dll (Generic Write, Read Attributes, Synchronize, Write Attributes)
  • c:\users\user\appdata\local\temp\python34.dll (Generic Write, Read Attributes, Synchronize, Write Attributes)
  • c:\users\user\appdata\local\temp\videouploader.dll (Generic Write, Read Attributes, Synchronize, Write Attributes)

Registry Modifications

Key::Value (API name; no data recorded)
  • HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass (RegNtPreCreateKey)
  • HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname (RegNtPreCreateKey)
  • HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet (RegNtPreCreateKey)
  • HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect (RegNtPreCreateKey)

Windows API Usage

Category: Process Manipulation Evasion
  • NtUnmapViewOfSection
Category: Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Voacnlkl\AppData\Local\Temp\Hashrate-Supervisor16.exe
