Trojan.Cridex

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 20,218
Threat Level: 80 % (High)
Infected Computers: 172
First Seen: February 11, 2012
Last Seen: September 11, 2025
OS(es) Affected: Windows

File System Details

Trojan.Cridex may create the following file(s):
# | File Name | MD5 | Detections
1. | dutsikerte.jpg | d1a9c19ea705f1c24218549200baf1b4 | 0
2. | file.exe | eaa5115124e0fb7864a54cb0c2a4c8aa | 0

Analysis Report

General information

Family Name: Trojan.Cridex
Signature status: No Signature

Known Samples

MD5: 7c167dc69f04458490cdf2f003ea156a
SHA1: 033eb80550df70fb0145a20bc27f3914c7b13f26
SHA256: ECFC6CCD9ECF5D6A5FA838DF1181B35EB94CB01FA6F63750588031FAB1B4570D
File Size: 1.69 MB, 1691136 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name | Value
Build | 20140425
Company Name | Safer-Networking Ltd.
File Description | Dummy
File Version | 2.4.40.151
Legal Copyright | © 2009-2014 Safer-Networking Ltd. All rights reserved.
Legal Trademarks | Spybot® and Spybot - Search & Destroy® are registered trademarks.
Original Filename | blindman.exe
Product Name | Spybot - Search & Destroy
Product Version | 2.4.40.0

File Traits

  • HighEntropy
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 14
Potentially Malicious Blocks: 11
Whitelisted Blocks: 2
Unknown Blocks: 1

Visual Map

x x x ? 0 x x x x x x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Dridex.G

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • VirtualAllocEx
Encryption Used
  • BCryptOpenAlgorithmProvider
