Trojan.Crackonosh

By CagedTech in Trojans

Threat Scorecard

Ranking:	2,088
Threat Level:	80 % (High)
Infected Computers:	128,059

First Seen:	June 28, 2021
Last Seen:	April 20, 2025
OS(es) Affected:	Windows

File System Details

Trojan.Crackonosh may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	ServiceInstaller.msi	156dab1b32859a3b90bdbfa51e7559e2	721
Name: ServiceInstaller.msi MD5: 156dab1b32859a3b90bdbfa51e7559e2 Size: 54.78 KB (54784 bytes) Detections: 721 Type: Windows Installer Package Path: C:\Windows\System32\ServiceInstaller.msi Group: Malware file Last Updated: October 18, 2024
2.	startupcheck.vbs	b6a58f7b79567b6aa575a807840f5cbd	490
Name: startupcheck.vbs MD5: b6a58f7b79567b6aa575a807840f5cbd Size: 410B (410 bytes) Detections: 490 Path: C:\Windows\system32 Group: Malware file Last Updated: February 24, 2025
3.	maintenance.vbs	4cb3b51e35ad2e8039152008f966061e	297
Name: maintenance.vbs MD5: 4cb3b51e35ad2e8039152008f966061e Size: 1.24 KB (1240 bytes) Detections: 297 Path: C:\Windows\system32 Group: Malware file Last Updated: August 21, 2022
4.	winrmsrv.exe	e5ec4f6b803a7025e0278da1b54feae0	47
Name: winrmsrv.exe MD5: e5ec4f6b803a7025e0278da1b54feae0 Size: 731.13 KB (731136 bytes) Detections: 47 Type: Executable File Path: %WINDIR%\system32\winrmsrv.exe Group: Malware file Last Updated: April 6, 2022
5.	wksprtcli.dll	c7308958986fe345e3576f49fc4fc153	12
Name: wksprtcli.dll MD5: c7308958986fe345e3576f49fc4fc153 Size: 2.35 MB (2351104 bytes) Detections: 12 Type: Dynamic link library Path: %WINDIR%\System32\wksprtcli.dll Group: Malware file Last Updated: April 28, 2022
6.	windfn.exe	165b5b6f085f735ec8bf30be40be0598	6
Name: windfn.exe MD5: 165b5b6f085f735ec8bf30be40be0598 Size: 2.03 MB (2036736 bytes) Detections: 6 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: September 9, 2021
7.	winlogui.exe	186dfb9f55b62e7739a773024050dee3	2
Name: winlogui.exe MD5: 186dfb9f55b62e7739a773024050dee3 Size: 2.09 MB (2098688 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: September 9, 2021
8.	startupchecklibrary.dll	38421cd27b886d8627c28fd64faa7b68	2
Name: startupchecklibrary.dll MD5: 38421cd27b886d8627c28fd64faa7b68 Size: 2.61 MB (2619392 bytes) Detections: 2 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: September 9, 2021
9.	ServiceInstaller.msi	79538329ec6c83d3539c71210e5648c4	2
Name: ServiceInstaller.msi MD5: 79538329ec6c83d3539c71210e5648c4 Size: 54.78 KB (54784 bytes) Detections: 2 Path: C:\WINDOWS\System32 Group: Malware file Last Updated: September 9, 2021
10.	ServiceInstaller.exe	e0b559ff1b7b4873d9e229b91039884e	2
Name: ServiceInstaller.exe MD5: e0b559ff1b7b4873d9e229b91039884e Size: 3.05 MB (3054592 bytes) Detections: 2 Type: Executable File Path: C:\Windows\System32\ServiceInstaller.exe Group: Malware file Last Updated: September 9, 2021
11.	winscomrssrv.dll	6ee92d315a2d53d4b878ec913443dd6f	1
Name: winscomrssrv.dll MD5: 6ee92d315a2d53d4b878ec913443dd6f Size: 526B (526 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32\winscomrssrv.dll Group: Malware file Last Updated: September 9, 2021

More files

Registry Details

Trojan.Crackonosh may create the following registry entry or registry entries:

File name without path

7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450

7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B

UserAccountControlSettingsDevice.dat

Regexp file mask

%windir%\system32\maintenance.vbs

%windir%\system32\startupcheck.vbs

%windir%\system32\tasks\microsoft\windows\application experience\startupchecklibrary

%windir%\system32\tasks\microsoft\windows\maintenance\installwinsat

%windir%\system32\tasks\microsoft\windows\wdi\srvhost

%windir%\system32\tasks\microsoft\windows\windows error reporting\winrmsrv

%windir%\system32\tasks\microsoft\windows\wininet\winlogui

%windir%\system32\tasks\srvhost

%windir%\system32\tasks\sysinfo

%windir%\system32\tasks\winlogui

%windir%\system32\tasks\winrmsrv

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Crackonosh

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Registry Details

Submit Comment

Trending

CVE-2025-26633 Vulnerability

Derenmon.co.in

Mightytechy

Most Viewed

Discord Is Stuck on Gray Screen

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen