Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Kreapixel

Trojan.Kreapixel

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 12,297
Threat Level: 80 % (High)
Infected Computers: 559
First Seen: November 5, 2014
Last Seen: February 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kreapixel
Packers: UPX
Signature status: Root Not Trusted

Known Samples

MD5: acf0309f93e25ff91eb302e3d42c1488
SHA1: e81be89c192d6d94b18687387ed258d9c46b13e2
SHA256: 3102E275A37D7E8D31A9F86F4561B2CBB099EC3473936A33EF1AE928330C3274
File Size: 5.95 MB, 5951568 bytes
MD5: 7d8034b1a8fd44ba3a1cf693776a95b3
SHA1: 9979e61c41ad1a5d30cd60186aabcc4f2f687afe
SHA256: 5DB78F23C149AF3D14685604CF5FB9118381AF3EA19AAAD803CFF9899EC17BC5
File Size: 5.67 MB, 5674568 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name 3 Mo
File Description Webplayer setup Setup
Product Name Webplayer setup
Product Version 1.0

Digital Signatures

Signer Root Status
Kreapixel thawte Primary Root CA Root Not Trusted

Block Information

Total Blocks: 444
Potentially Malicious Blocks: 0
Whitelisted Blocks: 444
Unknown Blocks: 0

Visual Map

0 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Crack.K
  • Trojan.Agent.Gen.AAT
  • Trojan.Agent.Gen.DE

Files Modified

File Attributes
c:\users\user\appdata\local\temp\7za.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7za.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__tmp_rar_sfx_access_check_2926265 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\extract.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\extract.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\lanceur.vbs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\lanceur.vbs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pack.7z Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pack.7z Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\winrar sfx::c%%users%oebogignc:\users\user\appdata\roaminglocal%temp C:\Users\Oebogign\AppData\Local\Temp RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname Microsoft ® Windows Based Script Host RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Oebogign\AppData\Local\Temp\Lanceur.vbs

Trending

Most Viewed

Loading...