Trojan.Rugmi.PGA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,972
Threat Level: 80 % (High)
Infected Computers: 74
First Seen: October 7, 2025
Last Seen: May 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Rugmi.PGA
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • For more information visit http://libgit2.github.com/
  • FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today's multimedia applications.
  • SQL
Company Name
  • FreeImage
  • Microsoft Corporation
  • Oleg N. Scherbakov
  • SQLite Development Team
  • The OpenSSL Project, https://www.openssl.org/
Division Name Natural Language Group
File Description
  • 7z Setup SFX (x86)
  • FreeImage library
  • libgit2 - the Git linkable library
  • Microsoft® Disassembler
  • Natural Language Hyphenation Service
  • Natural Language Spelling Service
  • OpenSSL library
  • SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
  • XMLRW
File Version
  • 2019.0150.4382.01 ((sql2019_rtm_qfe-cu27-gdr3).240702-0232)
  • 14.44.35207.1
  • 14.0.4763.1000
  • 3.36.0
  • 3.3.2
  • 2, 2, 0, 10
  • 1.7.1
  • 1.4.0.1795
Golden Bits True
Internal Name
  • 7ZSfxMod
  • FreeImage
  • git2-a2bde63.dll
  • libcrypto
  • mshy7fr
  • mssp7en
  • MSVCDIS140.DLL
  • sqlite3
  • XMLRW
Legal Copyright
  • Copyright (C) the libgit2 contributors. All rights reserved.
  • Copyright 1998-2024 The OpenSSL Authors. All rights reserved.
  • Copyright © 2003-2018 by FreeImage
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • http://www.sqlite.org/copyright.html
  • Microsoft. All rights reserved.
  • © 2010 Microsoft Corporation. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks
  • Microsoft SQL Server is a registered trademark of Microsoft Corporation.
  • See http://freeimage.sourceforge.net
Legal Trademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2 Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • 7ZSfxMod_x86.exe
  • FreeImage.dll
  • git2-a2bde63.dll
  • libcrypto
  • mshy7fr.dll
  • mssp7en.dll
  • MSVCDIS140.DLL
  • XMLRW.DLL
Platform NT
Private Build June 27, 2010
Product Name
  • 7-Zip SFX
  • libgit2
  • Microsoft SQL Server
  • Microsoft® Visual Studio®
  • Natural Language Components
  • SQLite
  • The OpenSSL Toolkit
  • TsFreeImage
Product Version
  • 15.0.4382.1
  • 14.44.35207.1
  • 14.0.4763.1000
  • 3.36.0
  • 3.3.2
  • 2, 2, 0, 10
  • 1.7.1
  • 1.4.0.1795
Raw File Version 3, 18, 0, 0
Raw Product Name FreeImage
Raw Product Version 3, 18, 0, 0
Source Id 2021-06-18 18:36:39 5c9a6c06871cb9fe42814af9c039eb6da5427a6ec28f187af7ebfb62eafa66e5

Digital Signatures

Signer Root Status
ORANGE VIEW LIMITED DigiCert High Assurance EV Root CA Hash Mismatch
Tenorshare Co., Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Tenorshare Co., Ltd. DigiCert Trusted Root G4 Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2011 Hash Mismatch
LWKS Software Ltd. Sectigo Public Code Signing Root R46 Hash Mismatch

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • x64

Block Information

Total Blocks: 6,594
Potentially Malicious Blocks: 775
Whitelisted Blocks: 5,817
Unknown Blocks: 2

Visual Map

[Block map omitted: per-block classification grid, truncated in the source. Legend: 0 = probable safe block, ? = unknown block, x = potentially malicious block]

Similar Families

  • Agent.GAE
  • CsgoInjector.PD
  • Downloader.Agent.BTPC
  • Gamehack.UFB
  • Injector.GDB
  • Rugmi.PGA
  • Rugmi.RE
  • SpyLoader.L

Files Modified

File Attributes
c:\users\user\appdata\local\temp\ackbreershees.gy Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ackbreershees.gy Synchronize,Write Attributes
c:\users\user\appdata\local\temp\c-drive.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c-drive.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jli.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jli.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\kaemkrat.fpec Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kaemkrat.fpec Synchronize,Write Attributes
c:\users\user\appdata\local\temp\microsoft.intellitrace.profiler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\microsoft.intellitrace.profiler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Hsiwykns\AppData\Local\Temp\C-Drive.exe