
Trojan.Rugmi.PGA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 5,859
Threat Level: 80 % (High)
Infected Computers: 67
First Seen: October 7, 2025
Last Seen: April 29, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Rugmi.PGA
Signature status: Hash Mismatch

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • For more information visit http://libgit2.github.com/
  • SQL
Company Name
  • Microsoft Corporation
  • Oleg N. Scherbakov
  • The OpenSSL Project, https://www.openssl.org/
Division Name: Natural Language Group
File Description
  • 7z Setup SFX (x86)
  • libgit2 - the Git linkable library
  • Microsoft® Disassembler
  • Natural Language Hyphenation Service
  • Natural Language Spelling Service
  • OpenSSL library
  • XMLRW
File Version
  • 2019.0150.4382.01 ((sql2019_rtm_qfe-cu27-gdr3).240702-0232)
  • 14.44.35207.1
  • 14.0.4763.1000
  • 3.3.2
  • 1.7.1
  • 1.4.0.1795
Golden Bits: True
Internal Name
  • 7ZSfxMod
  • git2-a2bde63.dll
  • libcrypto
  • mshy7fr
  • mssp7en
  • MSVCDIS140.DLL
  • XMLRW
Legal Copyright
  • Copyright (C) the libgit2 contributors. All rights reserved.
  • Copyright 1998-2024 The OpenSSL Authors. All rights reserved.
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • Microsoft. All rights reserved.
  • © 2010 Microsoft Corporation. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks: Microsoft SQL Server is a registered trademark of Microsoft Corporation.
Legal Trademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2: Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • 7ZSfxMod_x86.exe
  • git2-a2bde63.dll
  • libcrypto
  • mshy7fr.dll
  • mssp7en.dll
  • MSVCDIS140.DLL
  • XMLRW.DLL
Platform: NT
Private Build: June 27, 2010
Product Name
  • 7-Zip SFX
  • libgit2
  • Microsoft SQL Server
  • Microsoft® Visual Studio®
  • Natural Language Components
  • The OpenSSL Toolkit
Product Version
  • 15.0.4382.1
  • 14.44.35207.1
  • 14.0.4763.1000
  • 3.3.2
  • 1.7.1
  • 1.4.0.1795

Digital Signatures

Signer | Root | Status
Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch
LWKS Software Ltd. | Sectigo Public Code Signing Root R46 | Hash Mismatch

File Traits

  • dll
  • HighEntropy
  • x64

Block Information

Total Blocks: 6,541
Potentially Malicious Blocks: 2,974
Whitelisted Blocks: 3,565
Unknown Blocks: 2

Visual Map

[Block map not reproduced: one symbol per block, where 0 = probable safe block, ? = unknown block, x = potentially malicious block; the map data on the page is truncated.]

Similar Families

  • Agent.GAE
  • CsgoInjector.PD
  • Downloader.Agent.BTPC
  • Gamehack.UFB
  • Injector.GDB
  • Rugmi.PGA
  • SpyLoader.L

Files Modified

File Attributes
c:\users\user\appdata\local\temp\ackbreershees.gy Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ackbreershees.gy Synchronize,Write Attributes
c:\users\user\appdata\local\temp\c-drive.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c-drive.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jli.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jli.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\kaemkrat.fpec Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kaemkrat.fpec Synchronize,Write Attributes
c:\users\user\appdata\local\temp\microsoft.intellitrace.profiler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\microsoft.intellitrace.profiler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Hsiwykns\AppData\Local\Temp\C-Drive.exe
