Trojan.Kryptik.CLAY
Analysis Report
General information
| Family Name: | Trojan.Kryptik.CLAY |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
116 additional icons are not displayed above.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| File Version | |
| Product Version | |
File Traits
- 2+ executable sections
- HighEntropy
- imgui
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,417 |
|---|---|
| Potentially Malicious Blocks: | 1,690 |
| Whitelisted Blocks: | 727 |
| Unknown Blocks: | 0 |
Visual Map
(Block map not shown; the source data was truncated.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Kryptik.CLAY