Trojan.Kraddare.AB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	26,593
Threat Level:	80 % (High)
Infected Computers:	7

First Seen:	January 6, 2023
Last Seen:	November 2, 2025
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kraddare.AB
Signature status:	No Signature

Known Samples

MD5: fdfb854882a71aa5f65e3259f50fbdca

SHA1: ae7d31acb984f1b341015396000c32ae41ce8206

SHA256: E74B0034AB087833788D7B368D272449F5B3ABD00652CEF38BC9F66DE4B364E3

File Size: 32.77 KB, 32768 bytes

MD5: 006acaa9b79fef5e366611af43e473c3

SHA1: 587d3bdb67967961c034c8dbfb3cc731ec166f43

SHA256: E665FB39496146896F9414B45530002680E36A2E664387574267EA565EE1E352

File Size: 61.44 KB, 61440 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
File Description	CameraController Microsoft 基础类应用程序
File Version	1, 0, 0, 1
Internal Name	CameraController
Legal Copyright	版权所有 (C) 2002 版权所有(C) 2025
Original Filename	CameraController.exe DialogTest.EXE
Product Name	CameraController 应用程序
Product Version	1, 0, 0, 1

File Traits

Block Information

Total Blocks:	9
Potentially Malicious Blocks:	7
Whitelisted Blocks:	2
Unknown Blocks:	0

Visual Map

x x x x x x x 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

GhostRat.F
Kraddare.AB

Files Modified

File	Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134137156700761587.7272.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134137220889641956.5616.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_rdcnmbkw.p3r.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_rvaeoe2t.dkz.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_u0123wd2.jf5.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_xhondmwr.fff.psm1	Generic Write,Read Attributes
c:\users\user\downloads\Ø§w	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	뮗衛贈ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	긆穓贗ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject Show More ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges

Shell Command Execution


							powershell -Command "$regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kraddare.AB

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

4Arcade

Ansusseau.club

Trojan:Win32/Malex.gen!E

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...