Trojan.Krypt.Gen.MF

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 7,093
Threat Level: 80 % (High)
Infected Computers: 27
First Seen: March 27, 2026
Last Seen: May 18, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Krypt.Gen.MF
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name | Value
Company Name | validationretrieved
File Version | 1.0.0.0
Internal Name | programmerelsewhere
Legal Copyright | universalknowledgestorm
Original Filename | veterinary.exe
Product Name | presentedpredictions
Product Version | 1.0.0.0

Digital Signatures

Signer | Root | Status
*.ae.com | *.ae.com | Self Signed
*.issuu.com | *.issuu.com | Self Signed
*.ss.com | *.ss.com | Self Signed
itunes.apple.com | itunes.apple.com | Self Signed

File Traits

  • golang
  • No Version Info
  • x86

Block Information

Total Blocks: 930
Potentially Malicious Blocks: 1
Whitelisted Blocks: 929
Unknown Blocks: 0

Files Modified

File | Attributes
c:\users\user\appdata\roaming\microsoft\protect\oobeldr.exe | Generic Read, Write Data, Write Attributes, Write extended, Append data, Delete, LEFT 262144

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey

Windows API Usage

Category | API
Anti Debug | IsDebuggerPresent
User Data Access | GetUserObjectInformation
Process Shell Execute | CreateProcess
Shell Command Execution

C:\Windows\System32\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Ydluxgnh\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
