Trojan.Kryptik.CBLB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 27,015
Threat Level: 80 % (High)
Infected Computers: 2
First Seen: August 17, 2023
Last Seen: February 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.CBLB
Signature status: No Signature

Known Samples

MD5: 09dd6cbd7fcef9f7c3b06a86fe87670f
SHA1: ebbe6dbfb38d474fac3ae913ce8f39b5943efbc2
SHA256: E404C5373AB82C0E99E2A0F8E673A97284954818D3ECFAFE0C761E9998E72CA4
File Size: 2.26 MB, 2256896 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: SeiTbNao
File Version: 7.6.1.0
Internal Name: DBsrv.exe
Legal Copyright: Copyright (C) 2020
Original Filename: DBsrv.exe
Product Name: DBsrv
Product Version: 7.6.1.0

File Traits

  • 2+ executable sections
  • JMC
  • x86

Block Information

Total Blocks: 8,443
Potentially Malicious Blocks: 101
Whitelisted Blocks: 7,590
Unknown Blocks: 752

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Kryptik.CBLB

Registry Modifications

Key::Value: HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe
Data: 刕⨭髷ǜ
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
