Trojan.Shutdowner.A
Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 17,177 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 24 |
| First Seen: | July 31, 2024 |
| Last Seen: | March 9, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Shutdowner.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 115 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 114 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.JGE
- Agent.KJSA
- Agent.KPEC
- Agent.LPG
- BadJoke.FKA
- BadJoke.GF
- BadJoke.LMD
- BadJoke.LME
- Badjoke.FDA
- DiskWriter.R
- Diztakun.P
- Rozena.BU
- Rozena.FTA
- Rozena.TEH
- Rozena.TXA
- Rozena.UAA
- Rozena.XT
- Rozena.XTA
- ShellcodeRunner.DR
- ShellcodeRunner.XK
- Shutdowner.B
- Trojan.Agent.Gen.ASX
- Trojan.Agent.Gen.TJ
- Trojan.ShellcodeRunner.Gen.BW
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use |