Trojan.Spy.Agent.BP

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Spy.Agent.BP
Signature status:	No Signature

Known Samples

MD5: 535a9b870f9ef872b6ed8fef3beab8da

SHA1: c4664dbbce504b538c4ac0706d690916283c47d5

SHA256: 8201551520D88DA852863C340230DA37FEFF7E3F0A99D983C29BAF315AF37A49

File Size: 147.97 KB, 147968 bytes

MD5: 7a3a14b78bca9a80e1b67b7a4c8c2eda

SHA1: 7192c6aea68aa66a3757b078e1f8552a153e25ed

SHA256: 6BEEEFFD74398FB4435004503348C210C838F3D6F955B7DBA54A85E9AE5CEAB3

File Size: 137.22 KB, 137216 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

No Version Info
VirtualQueryEx
x64

Block Information

Total Blocks:	54
Potentially Malicious Blocks:	48
Whitelisted Blocks:	2
Unknown Blocks:	4

Visual Map

x x x x 0 x ? x x x x x x x x x x x x x x x x x x x x x x x ? x x ? x 0 ? x x x x x x x x x x x x x x x x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Trojan.Agent.Gen.ADE
Trojan.Agent.Gen.SN

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	143.0.3650.80	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateKey ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx Show More ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtEnumerateKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest
User Data Access	GetComputerName GetUserName
Process Shell Execute	CreateProcess
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Terminate	TerminateProcess
Anti Debug	OutputDebugString

Shell Command Execution


							"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --log-level=3


							"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --headless --log-level=3


							"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --log-level=3

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Spy.Agent.BP

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Traffic-media.co

Trojan.Agent.OPA

Streaming Lab Tab

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...