Trojan.Kryptik.CLAS
Analysis Report
General information
| Family Name: | Trojan.Kryptik.CLAS |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
5 additional icons are not displayed above.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| File Description | PPoint Repair Tool |
| File Version | |
| Internal Name | PPoint Repair Tool |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 4,844 |
|---|---|
| Potentially Malicious Blocks: | 321 |
| Whitelisted Blocks: | 1,895 |
| Unknown Blocks: | 2,628 |
Visual Map
Block-by-block map omitted (data truncated in the source). Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Kryptik.CLAY