Trojan.Rugmi.OO

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Rugmi.OO
Signature status:	Hash Mismatch

Known Samples

MD5: 5933b5d58fb70ac4d505088e5f1f3624

SHA1: a6c82dbb97bed8ca1c3d5da9d39af380e4407cfb

SHA256: 261412AA093D557633337055831B46CA4777EDF0692B65C50C3D7E5B8BACF791

File Size: 1.07 MB, 1065984 bytes

MD5: 87a5d2bc276557988a4284a5d97b7b2b

SHA1: aba1427306addfcf12d0368c9d2a4c04cec21df2

SHA256: 49AB2E9805C8BE61ECE1FBBE19E4E4FAA8D30D9660075C98F1024714D900CEF3

File Size: 6.77 MB, 6766564 bytes

MD5: 651615d9e7c48ffd071338d053a42833

SHA1: 15a32b3a3eff12e9eca7b8f517b6f45a7d3882d8

SHA256: 486A27D4F7C750B748CC8A69106D707508FB54760894D8B46BD01572511D7D7C

File Size: 1.07 MB, 1065984 bytes

MD5: 7146558848afa3059b91d03e731ad437

SHA1: d254062d7053568101578829dd0d93138900aac3

SHA256: 7C9925347A515E19500524AA1C9E2A331345DAB92AB7FC9A95CD226377E3C829

File Size: 7.31 MB, 7306080 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Cryptlex, LLC.
File Description	LexActivator
File Version	3.19.1
Internal Name	LexActivator.dll
Legal Copyright	Copyright (C) 2020 Cryptlex, LLC.
Original Filename	LexActivator.dll
Product Name	LexActivator
Product Version	3.19.1

Digital Signatures

Signer	Root	Status
Shenzhen Tengke Technology Co., Ltd.	GlobalSign Code Signing Root R45	Hash Mismatch

File Traits

2+ executable sections
dll
HighEntropy
x86

Block Information

Total Blocks:	13,646
Potentially Malicious Blocks:	43
Whitelisted Blocks:	7,383
Unknown Blocks:	6,220

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 x 0 ? x x ? 0 0 0 0 ? ? ? ? x 0 0 0 x 0 0 0 ? ? x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? 0 0 0 0 0 x 0 0 ? 0 ? ? ? ? ? ? ? 0 ? 0 ? 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 1 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 1 1 1 1 1 1 1 1 1 1 1 1 ? 1 1 1 1 1 1 1 ? ? ? ? 0 ? 0 0 ? 0 ? 0 0 ? ? 0 0 ? 0 0 ? 0 ? ? 0 0 ? ? 0 0 0 0 ? ? 0 ? ? ? 0 ? 0 0 ? 0 0 0 ? ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? 0 ? 0 ? ? ? 0 ? ? ? 0 0 ? 0 ? ? ? 0 0 0 0 0 ? ? ? 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 ? 0 0 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? ? ? ? 0 ? ? 0 0 ? ? ? 0 ? 0 0 0 ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 0 ? 1 1 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 x ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? 0 ? 0 ? ? ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 0 ? 0 ? 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 ? 0 0 ? 0 0 ? ? ? ? 0 0 ? ? 0 0 0 ? ? 0 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? ? ? 0 0 0 ? 0 0 ? ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? 0 ? 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 ? ? 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? x 0 0 ? 0 ? ? 0 ? ? ? ? ? 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 x 0 ? ? 0 ? ? ? ? 0 0 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Rugmi.FC

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx ntdll.dll!NtDuplicateToken Show More ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a6c82dbb97bed8ca1c3d5da9d39af380e4407cfb_0001065984.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15a32b3a3eff12e9eca7b8f517b6f45a7d3882d8_0001065984.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d254062d7053568101578829dd0d93138900aac3_0007306080.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Rugmi.OO

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Troj/Bredo-RK

PUP.MSIL.Dumper.A

Captcha2u22.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...