Trojan.Kryptik.DVK
Analysis Report
General information
| Family Name: | Trojan.Kryptik.DVK |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | Microsoft Corporation |
| File Description | |
| File Version | 10.0.19041.1 (WinBuild.160101.0800) |
| Internal Name | |
| Legal Copyright | © Microsoft Corporation. All rights reserved. |
| Original Filename | |
| Product Name | Microsoft® Windows® Operating System |
| Product Version | 10.0.19041.1 |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature's root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy "Self Signed" digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading "Signer" names.

| Signer | Root | Status |
|---|---|---|
| NVIDIA Corporation | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
File Traits
- 2+ executable sections
- HighEntropy
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,028 |
|---|---|
| Potentially Malicious Blocks: | 764 |
| Whitelisted Blocks: | 1,113 |
| Unknown Blocks: | 151 |
Visual Map
[Block map image: one cell per analyzed block, coloured by classification; not reproducible in text]
Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- CobaltStrike.HM
- Kryptik.DVK
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |