Trojan.Kryptik.CLAH
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,893 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 122 |
| First Seen: | October 2, 2024 |
| Last Seen: | April 9, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Kryptik.CLAH |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
382 additional icons are not displayed above.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Auto It Version | 3.3.16.1 |
| Comments | Complete Internet Repair |
| Company Name | |
| File Description | |
| File Version | |
| Home Page | https://www.rizonesoft.com |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | CWTuning Software |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- Autoit
- HighEntropy
- imgui
- No Version Info
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 4,906 |
|---|---|
| Potentially Malicious Blocks: | 325 |
| Whitelisted Blocks: | 1,925 |
| Unknown Blocks: | 2,656 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Kryptik.CLAY
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\programdata\plug\logs\log1442.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Keyboard Access | |