Trojan.Kryptik.BRGH

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	20,548
Threat Level:	80 % (High)
Infected Computers:	47

First Seen:	May 24, 2021
Last Seen:	February 18, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kryptik.BRGH
Signature status:	Hash Mismatch

Known Samples

MD5: ff5c51916451189e168ccf1e7d3d1285

SHA1: 4d5b1586185d8ac6c700d175d22a577cd4659a60

SHA256: 4750096840542ABC8BA9EEA6BF5BE50F3A59F3DC52FC661855B8293962F6C32D

File Size: 127.49 KB, 127487 bytes

MD5: 382e205b7b468ecc565e49a959a93616

SHA1: 9e1ef0be3cc14c5977f56feb00281bfec3c28c7e

SHA256: DAD839E2F7917C867EBEC21A344322139DCAA1AA74D3C25BF5CBD0AC0E0BA651

File Size: 128.25 KB, 128255 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Hewlett-Packard
File Description	hpwuSchd Application
File Version	80, 1, 1, 0
Internal Name	hpwuSchd
Legal Copyright	Copyright (C) Hewlett-Packard 2007
Original Filename	hpwuSchd.exe
Product Name	hpwuSchd Application
Product Version	80, 1, 1, 0

Digital Signatures

Signer	Root	Status
Hewlett-Packard Company	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Hewlett-Packard Company	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch

File Traits

big overlay
x86

Block Information

Total Blocks:	143
Potentially Malicious Blocks:	9
Whitelisted Blocks:	123
Unknown Blocks:	11

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 1 0 0 1 0 0 0 0 0 0 0 0 0 1 0 x x 0 0 0 x x x 0 ? 0 0 x ? ? x 0 ? ? ? x ? ? x ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 0 2 2 0 0 1 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 2 1

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kryptik.BRGH

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Submit Comment

Trending

Hacktool.Autoclicker.PB

Trojan.Agent.GYG

Trojan.Tasker.EA

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen