Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Rugmi.Y

Trojan.Rugmi.Y

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 7,652
Threat Level: 80 % (High)
Infected Computers: 217
First Seen: August 9, 2024
Last Seen: April 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Rugmi.Y
Signature status: Hash Mismatch

Known Samples

MD5: 237811635df1572b58bf15cbea39a133
SHA1: 4233e1d30b9fe981a0ded8a03c572799f728cb37
File Size: 5.96 MB, 5955608 bytes
MD5: 063981817daa45594e9666cfc8bc4c70
SHA1: 788be3ac950220e8872a4b500d7eab0357eef2a1
SHA256: 3235922CA4037D604567182877CE67B3289FC2894346BDF131CD5420561446E5
File Size: 301.06 KB, 301056 bytes
MD5: b5ed745252e3e3a2491037acd4bc4f1e
SHA1: 445041d123f1bad9211e8fc63bd06393a4f5eb22
SHA256: F2653DCB67EE623E3714291D77BCAFB38A0D095AD03ED043FB3D8CB51D44AEFD
File Size: 60.93 KB, 60928 bytes
MD5: d715c0194f290367dec532eacebffef2
SHA1: aa828e837d79b688795dfd2c185e060d8a127edc
SHA256: D9AEE48A72F9311B68EE9E1CD7F7BB376316148E6A4FA421DB146E8950848EE2
File Size: 729.54 KB, 729543 bytes
MD5: f7727214f56e79031e0231f6ba9f0431
SHA1: efa4f83fb1a00058d2e991e52a4e95df7880549d
SHA256: 9D470C084800BEABCA5F4F7514AACB6F2202144D9C849323AA668042693266E3
File Size: 60.93 KB, 60928 bytes
Show More
MD5: fbe35391764d6e035896aa777cd9ad8b
SHA1: 8f03590cf29a36d29ba0d46294eecf8a73d4f633
SHA256: 6E74CD76635ADAF8D34B1D80DED21E880753EAFADEF2FAE911E10646AC3CE17F
File Size: 651.26 KB, 651264 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Alexander Roshal
  • DivX, LLC
  • iTop Inc.
  • Oleg N. Scherbakov
File Description
  • 7z Setup SFX (x86)
  • DivX Download Manager
  • iTop datastate
  • RAR decompression library
  • Runtime Library
File Version
  • 7.1.0
  • 2.0.0.1
  • 1.4.0.1795
  • 1.2.0.195
  • 1, 0, 3, 4
Internal Name
  • 7ZSfxMod
  • datastate
  • DivX Download Manager
Legal Copyright
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • Copyright © Alexander Roshal 1993-2024
  • © 2000-2011 DivX, LLC.
  • © iTop Inc. All rights reserved.
Legal Trademarks iTop Inc.
Original Filename
  • 7ZSfxMod_x86.exe
  • datastate.dll
  • DivXDownloadManager.dll
  • Unrar.dll
Private Build June 27, 2010
Product Name
  • 7-Zip SFX
  • DivX Download Manager
  • iTop Data Recovery
  • iTop Screen Recorder
  • RAR decompression library
Product Version
  • 7.1.0
  • 2.0.0.1
  • 1.4.0.1795
  • 1.2.0.195
  • 1.0.0.0

Digital Signatures

Signer Root Status
XII CNC Inc. Class 3 Public Primary Certification Authority Hash Mismatch

File Traits

  • big overlay
  • dll
  • HighEntropy
  • x86

Block Information

Total Blocks: 1,696
Potentially Malicious Blocks: 407
Whitelisted Blocks: 1,274
Unknown Blocks: 15

Visual Map

x x x 0 0 0 0 0 0 0 x x x x x 0 x x x x 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 x x x x x 0 0 x 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 x x x x x x x x 0 x x 0 0 0 x 0 x 0 x 0 0 x x x x x 0 x x x 0 0 0 0 0 0 x x x x x x 0 x x x x x x x x x x 0 0 x x x x x x 0 x x x 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 x x x x x x x 0 0 x 0 x 0 x x x x 0 0 0 0 0 x x x x x x x x 0 x x x x x x x x x 0 x x x x 0 0 x 0 0 x 0 x x x x x x x x 0 x x x 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 x x x x x 0 0 x x x x x x 0 0 x x x x x 0 x x x x 0 0 x 0 x x x 0 x 0 x x x x 0 x 0 x x x x x x 0 x x x x x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x 0 x x 0 x x x x x x x x x 0 0 x x x x 0 x 0 0 0 0 0 0 0 x x x 0 x x x 0 0 0 0 0 x x 0 0 x x x x 0 0 0 x x x x x 0 x x x x x x x x x 0 x x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x 0 x 0 x x x x x 0 0 x x x x x x 0 x 0 x x x x 0 x 0 x x x x 0 x x x x x x x x 0 0 x x 0 x x x 0 x x 0 x x 0 x 0 x x 0 x x 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 0 0 x x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 x x x x x 0 0 x x 0 x 0 x x 0 x x x x x x x x 0 0 0 0 0 0 0 x x x x 0 0 x x 0 0 x x x x x 0 x x 0 0 0 0 x x x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 1 0 1 0 1 0 0 0 0 1 1 1 0 2 0 0 1 1 3 2 3 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Rugmi.JC
  • Rugmi.Y

Files Modified

File Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\programdata\mbsdk\7za.exe Read Attributes,Synchronize,Write Data
c:\programdata\mbsdk\divxdownloadmanager.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\mbsdk\fredpreertkan.tzae Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\mbsdk\kildonpluk.nro Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\mbsdk\msvcp80.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\mbsdk\msvcr80.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\c1bf568.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c2ffdb6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicecmdlock Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicecmdlock Generic Write,Read Attributes
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicecmdserializelock Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicecmdserializelock Generic Write,Read Attributes
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicecmdshared Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicelock Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\boost_interprocess\ddm0servicelock Generic Write,Read Attributes
c:\users\user\divxdownloadmanager.dll Generic Write,Read Attributes
c:\users\user\divxdownloadmanager.dll Synchronize,Write Attributes
c:\users\user\fredpreertkan.tzae Generic Write,Read Attributes
c:\users\user\fredpreertkan.tzae Synchronize,Write Attributes
c:\users\user\kildonpluk.nro Generic Write,Read Attributes
c:\users\user\kildonpluk.nro Synchronize,Write Attributes
c:\users\user\msvcp80.dll Generic Write,Read Attributes
c:\users\user\msvcp80.dll Synchronize,Write Attributes
c:\users\user\msvcr80.dll Generic Write,Read Attributes
c:\users\user\msvcr80.dll Synchronize,Write Attributes
c:\users\user\nahimicsvc64.exe Generic Write,Read Attributes
c:\users\user\nahimicsvc64.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

(NULL) C:\Users\Evionfsu\NahimicSvc64.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\788be3ac950220e8872a4b500d7eab0357eef2a1_0000301056.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\445041d123f1bad9211e8fc63bd06393a4f5eb22_0000060928.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa828e837d79b688795dfd2c185e060d8a127edc_0000729543.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\efa4f83fb1a00058d2e991e52a4e95df7880549d_0000060928.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8f03590cf29a36d29ba0d46294eecf8a73d4f633_0000651264.,LiQMAxHB

Trending

Most Viewed

Loading...