Trojan.Shellcode.FEA
Analysis Report
General information
| Family Name: | Trojan.Shellcode.FEA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 103 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 102 |
| Unknown Blocks: | 0 |
Visual Map
[Visual map: 103 blocks, one marked x and the rest marked 0]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.FRWR
- Agent.GOD
- Agent.IFGF
- Agent.KORA
- Agent.KPEC
- Agent.KPED
- Agent.KPSF
- Agent.PDFA
- Agent.PDFD
- Agent.PDFE
- Agent.PDFG
- Agent.RAC
- Agent.UFSF
- CobaltStrike.FSC
- CobaltStrike.GP
- Downloader.Agent.RCA
- HackAgent.GT
- LockScreen.IA
- LockScreen.KA
- Metasploit.Gen.H
- Phave.D
- ReverseShell.GDA
- Rozena.FDA
- Rozena.XV
- Shellcode.FEA
- ShellcodeRunner.FO
- ShellcodeRunner.RF
- ShellcodeRunner.RFA
- ShellcodeRunner.RFB
- Trojan.Agent.Gen.AFP
- Trojan.Agent.Gen.ALS
- Trojan.Agent.Gen.BBK
- Trojan.Agent.Gen.BEU
- Trojan.Agent.Gen.FK
- Trojan.Agent.Gen.ME
- Trojan.Agent.Gen.OE
- Trojan.Agent.Gen.OF
- Trojan.Agent.Gen.PO
- Trojan.Injector.Gen.DIU
- Trojan.Kryptik.Gen.AZJ
- Trojan.Kryptik.Gen.BDJ
- Trojan.Kryptik.Gen.CGG
- Trojan.Kryptik.Gen.CMI
- Trojan.Kryptik.Gen.CWB
- Trojan.Kryptik.Gen.KR
- Trojan.ReverseShell.Gen.AC
- Trojan.ReverseShell.Gen.F
- Trojan.ReverseShell.Gen.V
- Trojan.ShellcodeRunner.Gen.DS
- Trojan.ShellcodeRunner.Gen.FR
- Trojan.ShellcodeRunner.Gen.LA
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |