Trojan.Cridex.NC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 15,255
Threat Level: 80 % (High)
Infected Computers: 24
First Seen: October 11, 2021
Last Seen: March 30, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Cridex.NC
Packers: UPX
Signature status: Modified signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Reason Software Company Inc.
File Description: Reason Antivirus Installer
File Version:
  • 1.0.0.34
  • 1.0.0.12
  • 1.0.0.6
Legal Copyright: Copyright Reason Software Company Inc.
Original Filename: master-502902f-ReasonAntivirusInstallerStub.exe
Product Name: Reason Antivirus
Product Version:
  • 1.0.0.34
  • 1.0.0.12
  • 1.0.0.6

File Traits

  • HighEntropy
  • Installer Version
  • packed
  • x86

Block Information

Total Blocks: 6,664
Potentially Malicious Blocks: 139
Whitelisted Blocks: 6,369
Unknown Blocks: 156

Similar Families

  • ByteFence.A
  • Cridex.NC

Files Modified

File: \device\namedpipe\gmdasllogger
Attributes: Generic Write, Read Attributes

Windows API Usage

Category: Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Category: Network Winsock
  • closesocket
  • getaddrinfo
  • socket
Category: Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Category: User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Category: Keyboard Access
  • GetKeyState
Category: Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
