Trojan.Kryptik.DFA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 22,707
Threat Level: 80 % (High)
Infected Computers: 71
First Seen: September 9, 2022
Last Seen: September 10, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.DFA
Signature status: No Signature

Known Samples

MD5: 03c2b0092b462dc26fbc80173f4c3a19
SHA1: 6ca0ce792a42fa7e5336928921f1b57e631f2fdd
SHA256: E8F446A7FFE2580A064C4406F7FD1BB25E8F8DAFA93F70A471193FEBE9E5353B
File Size: 1.94 MB, 1935239 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: This installation was built with Inno Setup.
File Description: instaalleeer Setup
Product Name: instaalleeer
Product Version: 101.101.05

File Traits

  • dll
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\is-53pgp.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-53pgp.tmp\settmp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vrjpt.tmp\6ca0ce792a42fa7e5336928921f1b57e631f2fdd_0001935239.tmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
User Data Access
  • GetUserObjectInformation

Shell Command Execution

"C:\Users\Jyrtoshx\AppData\Local\Temp\is-VRJPT.tmp\6ca0ce792a42fa7e5336928921f1b57e631f2fdd_0001935239.tmp" /SL5="$10254,1092480,832512,c:\users\user\downloads\6ca0ce792a42fa7e5336928921f1b57e631f2fdd_0001935239"
(NULL) c:\users\user\downloads\6ca0ce792a42fa7e5336928921f1b57e631f2fdd_0001935239 /VERYSILENT
