Trojan.Downloader.Gen.JK

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,401
Threat Level: 80 % (High)
Infected Computers: 11
First Seen: January 20, 2026
Last Seen: June 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Downloader.Gen.JK
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments For more information visit http://libgit2.github.com/
Company Name
  • Python Software Foundation
  • Tenorshare Co.,Ltd.
File Description
  • AnyDataRecoverySDK.dll
  • libgit2 - the Git linkable library
  • Python Core
File Version
  • 3.10.4
  • 2.2.0.2199
  • 1.7.1
Internal Name
  • AnyDataRecoverySDK.dll
  • git2-a2bde63.dll
  • Python DLL
Legal Copyright
  • Copyright (C) the libgit2 contributors. All rights reserved.
  • Copyright © 2001-2022 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
  • Copyright© 2007-2018 Tenorshare Co., Ltd
Original Filename
  • AnyDataRecoverySDK.dll
  • git2-a2bde63.dll
  • python310.dll
Product Name
  • AnyDataRecoverySDK
  • libgit2
  • Python
Product Version
  • 3.10.4
  • 2.2.0.2199
  • 1.7.1

Digital Signatures

Signer | Root | Status
Tenorshare Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Tenorshare Co., Ltd. | DigiCert Trusted Root G4 | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch

File Traits

  • dll
  • x64

Block Information

Total Blocks: 6,538
Potentially Malicious Blocks: 2,961
Whitelisted Blocks: 3,569
Unknown Blocks: 8

Visual Map

[Visual block map omitted: a per-block grid rendered as symbols, truncated on the original page]
Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block

Similar Families

  • Rugmi.FL
  • Rugmi.PGA
  • Rugmi.TB

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | [binary data, not rendered] | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN