Trojan.Rugmi.PG

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Rugmi.PG
Signature status:	Hash Mismatch

Known Samples

MD5: 942bab1d080fab2998f2ecad541483cd

SHA1: 4b649cdc61ebf505d1e0f093e7d232b9627af70e

SHA256: 45BE212A6934E5F0C8925C1397D3BD86CA3CC605B08AE6891270AD36B350EA75

File Size: 138.14 KB, 138144 bytes

MD5: 4bf80b7b46c4975b3d9f81c3e602889f

SHA1: 8aaf71c6501dc499bc969b637b38875ae61c050e

SHA256: 725ED3A6DA2DEEBCA3E9B4C1A9732E54BA1CA1D4CECB2FA0B9F1BAA99A63FB6F

File Size: 361.47 KB, 361472 bytes

MD5: 3b974a81be016bbf4ef2c1fd0a54b9c4

SHA1: fe1a3a2c7c91cfeaf93bedd10d5a6cdb77ddc6d0

SHA256: A14F474E41C9A2EEC82E9D914FDA660FAEADF9BCEDE2345CE5B4832E6F70B017

File Size: 138.14 KB, 138144 bytes

MD5: adb200d6d0f461d318e43287caffae4f

SHA1: f78c68cf788c39d6cd945ce54191abcf4deba036

SHA256: 41B77998223A23D8896727DCFF00B6AADACD2FD151D175184C9D8B50A17411AC

File Size: 555.08 KB, 555080 bytes

MD5: 7f89d502e2203060834f2855cbbb4aa8

SHA1: cd3ac6a1ba7f695625a18046805df947979fa29a

SHA256: 3FCA3B8B27D9BB441662F398B70EA02C986845353D636F9E488A35061FDC07F2

File Size: 555.08 KB, 555080 bytes

MD5: 35f9a9405000d95f803764f814e0ae09

SHA1: cd847d7373604c0453ba0fc7b99e145136c132e4

SHA256: CF824813C9CE23EE477DD6610B20E8FE86F72E58F3AFADDE5AF21D8FF89464D5

File Size: 138.14 KB, 138144 bytes

MD5: 6aa0ad50410e1a86002e1b15717811c9

SHA1: c547926553e7f837a257c2b2ea30bc3b264e1fdb

SHA256: A88D54FB3FB17152E57A11B7AA1A159150E902658CF60F6E3412DB24760B8C65

File Size: 1.12 MB, 1115256 bytes

MD5: 4ec496ad212e2ccf1e849fde8144136e

SHA1: 9f880ffdabc1e2d014f9abaef4a74ab5859d333e

SHA256: 1DB1EB4622E1781B7461D37DE7AD99A885125795BB1152F4B1261D0E59114499

File Size: 555.08 KB, 555080 bytes

MD5: 6a93de7b6a23b7f302876124ae75a316

SHA1: 29877bb033c523d472458c5388e36ccdf966a493

SHA256: 482F63DA965AAE42F19FC9C1FF3B6D12F52682F1409DF20FF2873ECD742C536E

File Size: 555.08 KB, 555080 bytes

MD5: 32cd09287ffe4301bde5bd25b1af9dbb

SHA1: 3943200493c58501b567e1cdd8cdb552c202b84d

SHA256: 55614FAB0EE8F061C2DF1F6A1227E3B713DE13E866A5E443FE4BEB8535F52E59

File Size: 555.08 KB, 555080 bytes

MD5: b6b2f9306e1467a73e392b5e99eb0612

SHA1: fe7a9f6d4f202f57943d97fdc580d236608b23ad

SHA256: A959D91601C648C00A7EF795B74961AA805E3F55578D06B2B6656C2943F46D4E

File Size: 805.41 KB, 805408 bytes

MD5: 2437c10877220275c207bbe70c65d0b3

SHA1: cca75819d4822519bd008b218d1ea90d9b9658e0

SHA256: 963C26B83526B4846107C450647828A94DA5C803EAC37AEAAF3612BA8FD5B691

File Size: 669.80 KB, 669800 bytes

MD5: e192a8f7d934e7c4de0da3884511aace

SHA1: 2329d0294716fe06bbfc96379b9fb44c757f5d93

SHA256: CA94FBBBEF0635346DB7CA84C3F6DD4FE7D1BC7C19A77B973AC930964AA5FB35

File Size: 669.80 KB, 669800 bytes

MD5: 00d747264e5373bddd6bc7633508434a

SHA1: ed6acdaea96fe9f15e0393060d9d91198ce2a8c2

SHA256: 14C56050DBF5ECB00E9C230FA488F7BE6DA55FF3752BA90641635449795606F8

File Size: 138.14 KB, 138144 bytes

MD5: 01e1d97371a63ac619af2b2e91d15fd4

SHA1: 756e458f5497521a3ab9dc7fe4cf70022d59dd2a

SHA256: E20B71607E071734973CECAF8121A3034E202135C8AD35F2FB08AADF160BA0A4

File Size: 421.92 KB, 421920 bytes

MD5: c4377955a26e4563b9e873761a3f1c6a

SHA1: 75ddd661383fcc2103f6ff75268f7d84ddccfe3d

SHA256: 29450A827229FB42A9F485C5E42A5361EF3DDCC2F30E335ED20F9AE9F2105235

File Size: 369.92 KB, 369920 bytes

MD5: d9e2aa73bfb6c2387c0db0cfcc9322c3

SHA1: 0d4361350016f3f414c8792f984080f20693ccfa

SHA256: 92BC30B73A347F9380FD9A1A332DA7895EAD1F8470FF05B922600C2695B97184

File Size: 996.56 KB, 996560 bytes

MD5: 7c68ee53be68e79878d1ba6e22755e31

SHA1: 4ad43ef6c116ff96cd9a06df33ae3ad9db8e77ea

SHA256: C594D603E5B06168CA6DA3A90F59D9216B28E0BE392EF1355A970093AC527A77

File Size: 138.14 KB, 138144 bytes

MD5: 5e6bc0e0ced418634e28e3bf4654bdca

SHA1: 6a68974f838f342d3aaeafafd327a49a7fa1e5cc

SHA256: 5D00EBB7D6D11EC9053E3C6874F813904EB8D1C96369416DF6FBDB58510264A6

File Size: 996.56 KB, 996560 bytes

MD5: edcd74c3e37f2928e84b7879e4800e76

SHA1: 2d4474bf8373588a8485688bfe79b24d797f2ef8

SHA256: 4B41FDBE135EF04839FCAE5CCE9AB480F01F2EF2BC1D699CC4C3250E25D13C9E

File Size: 669.80 KB, 669800 bytes

MD5: 826563feffa6e33265eeb760986ae6cc

SHA1: c4bc6f36de50e332438001d5e6c9b703925a8256

SHA256: 4152FE1B7B1B8D1A49FD816999BC23EA34F9C6D5D8FFB7FDB2BD30DE5B2C536C

File Size: 369.92 KB, 369920 bytes

MD5: dd73a3987bd00703b5506a2691b6858b

SHA1: 384ebc7c357a8c58d690beb7d3e0e4d97f19f014

SHA256: EA2E2703D6F2C66BDFEF24F9A45B4637DE55FACB857562AE498253BC32270D41

File Size: 555.08 KB, 555080 bytes

MD5: 525c2e3f679720a039574bde111f0330

SHA1: aa9d5cfd60f385b370398090959647a160d40be3

SHA256: 378092B7F114903FF80C76910F8D6BD503E1D05DA6BC9B68B4E58913D8E64206

File Size: 555.08 KB, 555080 bytes

MD5: e425c1759d5cffc2ae3a6bba06ab2b75

SHA1: e9ee70b6a79224b37e484782dca5fd2dcb001fb4

SHA256: CE292727154BDC5CA3CAB44F8207A559D23334C0EE8C7CC91337A60BB18DF5E2

File Size: 555.08 KB, 555080 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have resources
File has exports table
File has TLS information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Comments	Intel(R) Integrated Performance Primitives. Core Library. This module is part of Zoner products.
Company Name	Intel Corporation. Microsoft Corporation RapidSolution Software AG The curl library, https://curl.se/ The OpenSSL Project, http://www.openssl.org/ The Qt Company Ltd The Qt Company Ltd. ZONER software
File Description	C++ Application Development Framework C++ application development framework. CDWizard Library Module Conduit.Broker [v10.88] ippcore-7.0.dll is the core dynamic library libcurl Shared Library OpenSSL shared library Zoner support library
File Version	18.0.1.10 10.88.2411.08001 8.4.0-DEV 7,0,205,1022 5.14.2.0 5.7.0.0 1.2.3306.0 1.1.0e
Internal Name	CDWizard Conduit.Broker ippcore-7.0.dll libcurl libssl-1_1
Legal Copyright	Copyright (C) 2015 The Qt Company Ltd. Copyright (C) 2020 The Qt Company Ltd. Copyright (C) Daniel Stenberg, <daniel@haxx.se>. Copyright(C) Intel Corporation, 1999-2011 Copyright 1998-2016 The OpenSSL Authors. All rights reserved. Copyright 2006,2007 Copyright © 1995-2016 ©Microsoft Corporation. All rights reserved.
Legal Trademarks	Zoner is trademark of ZONER software
License	https://curl.se/docs/copyright.html
Original Filename	CDWizard.dll Conduit.Broker.dll ippcore-7.0.dll libcurl.dll libssl-1_1.dll Qt5Network.dll
Product Name	CDWizard Library Module core. Intel(R) Integrated Performance Primitives. Core Library. Qt5 Test Authoring and Execution Framework The curl library The OpenSSL Toolkit Zoner support library
Product Version	18.0.1.10 10.88.2411.08001 8.4.0-DEV 7.0 build 205.58 5.14.2.0 5.7.0.0 1.2.3306.0 1.1.0e

Digital Signatures

Signer	Root	Status
Planestate Software AB	COMODO RSA Code Signing CA	Hash Mismatch
ORANGE VIEW LIMITED	DigiCert High Assurance EV Root CA	Hash Mismatch
Audials AG	DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1	Hash Mismatch
Plex, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Intel(R) Software Products	Equifax Secure Certificate Authority	Hash Mismatch

Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
ZONER software, a.s.	Symantec Class 3 Extended Validation Code Signing CA - G2	Hash Mismatch
The Qt Company Oy	thawte SHA256 Code Signing CA	Hash Mismatch

File Traits

dll
HighEntropy
ntdll
x86

Block Information

Total Blocks:	832
Potentially Malicious Blocks:	610
Whitelisted Blocks:	216
Unknown Blocks:	6

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 x 0 x 0 0 0 x x 0 x x x x x x 0 0 x x x x x x x 0 x x x x 0 0 0 0 0 0 0 x x 0 0 0 x x x x x x x x 0 0 x x x x x x x 0 0 x x 0 0 0 0 0 x 0 x x x 0 x 0 0 0 0 x x x x x 0 x x 0 0 0 x 0 x x 0 x x x x x x 0 x x 0 x x 0 x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x 0 x x x x x x x 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x x 0 0 x x x x x x x 0 0 0 x x 0 x 0 x x x 0 0 x 0 x x 0 x x x x x x x x x x x 0 0 x x x x x 0 0 x x 0 0 x x x x x x x x 0 0 x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x 0 x x x x x x x x 0 0 0 0 x x 0 x 0 x 0 x x 0 0 x 0 x x 0 0 x 0 x 0 x 0 0 x 0 0 x x 0 0 0 0 0 x x x 0 x x 0 x x x x 0 0 x x x 0 x x 0 0 x x x x x x x x x 0 x 0 x 0 x 0 0 0 0 x x x 0 0 1 x x x x 0 0 0 x 0 0 0 x x x 0 0 0 x 0 0 1 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 x 0 x 0 x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x ? ? ? ? ? 0 ? x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 2 0 0 1 1 0 0 0 0 2 1 0 0 1 0 0 1 0 0 0 0 2 3 1 3 1 0 2 2 1 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Kryptik.YB
Rugmi.FC
Rugmi.FD
Rugmi.FG
Rugmi.FH

Rugmi.LDA
Rugmi.OO
Rugmi.PG
Rugmi.TB
Rugmi.TD

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4b649cdc61ebf505d1e0f093e7d232b9627af70e_0000138144.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8aaf71c6501dc499bc969b637b38875ae61c050e_0000361472.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe1a3a2c7c91cfeaf93bedd10d5a6cdb77ddc6d0_0000138144.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f78c68cf788c39d6cd945ce54191abcf4deba036_0000555080.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd3ac6a1ba7f695625a18046805df947979fa29a_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd847d7373604c0453ba0fc7b99e145136c132e4_0000138144.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c547926553e7f837a257c2b2ea30bc3b264e1fdb_0001115256.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9f880ffdabc1e2d014f9abaef4a74ab5859d333e_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\29877bb033c523d472458c5388e36ccdf966a493_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3943200493c58501b567e1cdd8cdb552c202b84d_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe7a9f6d4f202f57943d97fdc580d236608b23ad_0000805408.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cca75819d4822519bd008b218d1ea90d9b9658e0_0000669800.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2329d0294716fe06bbfc96379b9fb44c757f5d93_0000669800.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ed6acdaea96fe9f15e0393060d9d91198ce2a8c2_0000138144.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\756e458f5497521a3ab9dc7fe4cf70022d59dd2a_0000421920.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\75ddd661383fcc2103f6ff75268f7d84ddccfe3d_0000369920.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0d4361350016f3f414c8792f984080f20693ccfa_0000996560.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4ad43ef6c116ff96cd9a06df33ae3ad9db8e77ea_0000138144.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6a68974f838f342d3aaeafafd327a49a7fa1e5cc_0000996560.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2d4474bf8373588a8485688bfe79b24d797f2ef8_0000669800.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c4bc6f36de50e332438001d5e6c9b703925a8256_0000369920.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\384ebc7c357a8c58d690beb7d3e0e4d97f19f014_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa9d5cfd60f385b370398090959647a160d40be3_0000555080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e9ee70b6a79224b37e484782dca5fd2dcb001fb4_0000555080.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Rugmi.PG

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trojan.Rugmi.PGA

Trending

Nextgeeker.com

Mr Beast Discord Scam

Bear Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen