Trojan.Kryptik.BFITF

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 23,500
Threat Level: 80 % (High)
Infected Computers: 1,122
First Seen: July 1, 2023
Last Seen: August 30, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.BFITF
Packers: UPX
Signature status: Self Signed

Known Samples

MD5: a2e7d63b046bac96749c113d5ba7a318
SHA1: 36731a627b68cc1c1f72623f734c1955ab9e96bd
SHA256: C98F5695D66F4B8324A2656330966FE261FB387D06C02F9CD51027ABCCFF82A4
File Size: 3.55 MB, 3549184 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Builder host 22:17:38 13/09/2023
Comments http://www.sminstall.com/
Company Name InstallBuilders
Created 7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798)
File Description Smart Install Maker
File Version 5.0.4.10
Internal Name Smart Install Maker
Legal Copyright InstallBuilders
Legal Trademarks Shareware
Original Filename sim.exe
Product Name Smart Install Maker
Product Version 5.0.4.10

Digital Signatures

Signer Root Status
Smart Smart Self Signed
Smart Smart Self Signed

File Traits

  • HighEntropy
  • x86

Files Modified

File Attributes
c:\users\user\appdata\roaming\kmspico\kmspico.exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmspico\kmspico.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\kmspico\megasync.exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmspico\megasync.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\kmspico\script.vbs Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmspico\script.vbs Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname Microsoft ® Windows Based Script Host RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) script.vbs
