Trojan.Kryptik.DDG
Analysis Report
General information
| Family Name: | Trojan.Kryptik.DDG |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| File Description | A high performance fractal renderer. |
| File Version | 0.4 |
| Legal Copyright | © 2009 Michael J. Thiesen |
| Product Name | Fractron 9000 |
File Traits
- dll
- HighEntropy
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nsfd1b0.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsfd1b0.tmp | Synchronize,Write Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Keyboard Access | |