Trojan.Kryptik.AAZF

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 8,228
Threat Level: 80 % (High)
Infected Computers: 5,576
First Seen: August 22, 2023
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.AAZF
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
00.0 D
Assembly Version 0.041..
Company Name
  • BellSoft
  • BlueStack Systems
  • MaresWEB
  • Microsoft Corporation
  • Oracle Corporation
  • The Qt Company Ltd.
File Description
  • BlueStacks Sensor Native Library
  • C++ Application Development Framework
  • EULA
  • HRWaw.SkinEditor.Design
  • Microsoft® C Runtime Library
  • OLE DB Simple Provider
  • OpenJDK Platform binary
  • OptimFROG add-on for the BASS library
File Version
  • 96.0.20080.0 (WinBuild.400002.9700)
  • 80.64.88000.0 built by: REL
  • 13.020.9.00
  • 8.8.3000.0
  • 7.035.00.4000
  • 2.4.0.2
  • 0.1.0.0
  • 0.09.2.0
Full Version
  • 13.020.9.00
  • 8.8.3_000-b00
Internal Name
  • abtfwar.dll
  • ATNN
  • BASS_OFR
  • ejyth
  • HRWaw.SkinEditor.Design.dll
  • llhcu120.dll
Legal Copyright
  • 2003-2006, MaresWEB
  • Copyright (C) 2017 The Qt Company Ltd.
  • Copyright 2011 BlueStack Systems, Inc. All Rights Reserved.
  • Copyright © 2021
  • Copyright © 2022
  • Copyright © 2007
  • © Microsoft Corporation. All rights reserved.
Original File Name HD-Sensor-Native.dll
Original Filename
  • abtfwar.dll
  • atnn.dll
  • bass_ofr.dll
  • ejyth.dll
  • HRWaw.SkinEditor.Design.dll
  • llhcu120.dll
  • oatlderkdkrltabsidbht.dll
Product Name
  • Abtfwaranta Inztohe\sot Ghwihheqd ST
  • AeetPdsxsl
  • Atnn(ES) Frikhzoe DN 8 H321
  • BASS_OFR
  • EjytHLU Twskecue 8
  • IPDev.SkinEditor.Design
  • Llhcueroc ll Teokes Deealy so
  • Oa5
Product Version
  • 80.64.88000.
  • 8.8.3000.0
  • 7.035.00.4000
  • 2, 4, 0, 0
  • 1.3.0209.0
  • 0.1.0.0
  • 0.09.2.0
Froduct Version 70.0.00001.0

Digital Signatures

Signer: The Qt Company Oy
Root: DigiCert SHA2 Assured ID Code Signing CA
Status: Hash Mismatch

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • imgui
  • x86

Block Information

Total Blocks: 39
Potentially Malicious Blocks: 8
Whitelisted Blocks: 5
Unknown Blocks: 26

Visual Map

? x ? ? ? x 0 ? ? 0 x ? ? ? ? ? ? ? ? ? ? ? x ? x ? 0 ? x x ? 0 ? x ? ? ? 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autoit
  • Delf.Q
  • Kryptik.AAZF
  • Philadelphia.A
  • Philadelphia.B

Files Modified

File: c:\users\user\appdata\local\temp\autbef0.tmp
Attributes: Generic Write, Read Attributes
File: c:\users\user\appdata\local\temp\windowsloader.exe
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data
File: c:\users\user\appdata\local\temp\windowsloader.exe
Attributes: Generic Write, Read Attributes

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Winsock2
  • WSAStartup

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e58550caaa537addd6b1ef6b6cfd27d0ee1937f9_0002255856.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b98708a6478203cc72a3c443d941a9c91b093d55_0003375104.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\36419277fc9e187390db722ace8cf8ce3dbc9502_0003395584.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f8b7e803b2307accca5a570da1ea1686075ee1af_0002129920.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5e5d87b927d53aabc056ec405deb7e7d5dc8daed_0002576384.,LiQMAxHB
C:\Users\Rhcnwlwn\AppData\Local\Temp\WindowsLoader.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f2620c0a947eee7f39d148c2ccf6d2a4d8aa791f_0001929216.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ccce3f2727c21c987b6cddad0cecbcdb4c823a20_0003973120.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3f842dd978dfa3f300f4b9c73f8ad74522e5bd47_0004743168.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\11c3eb8a8b7c9fe0e54bf5f74dd6b7bb1d18986e_0002613248.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\282fd2435e74535bbb6c64d9b06a9bb8e61b07e0_0002539520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a54a0342cf891d90b5cf7966702f73de207a2135_0006598656.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\de2a1c17be72204837bd577ab6d0a48b40618c90_0005902336.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7974f5e9cb366d5cf8a15e9b237ff2cad0cdc054_0005812224.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\33b3cf335a0c825b5f2325a5bffdfb029411f03d_0006201344.,LiQMAxHB