Trojan.Kryptik.DVP
Analysis Report
General information
| Family Name: | Trojan.Kryptik.DVP |
|---|---|
| Signature status: | Hash Mismatch |
Known Samples
This section lists other file samples believed to be associated with this family.

| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| d1b8a3679a94787a9736687c32e7bac6 | adfe8574ea04d5173a79fd95d8a9e0d5fc4e3ef8 | 9605E7D37A122D5AD4B53607F016CB3BB4ED5AE427CA6A71251F4C3BA9AE242A | 3.08 MB, 3082752 bytes |
| 4ba6b1f459a52bb18eb7b7f0cbf64250 | a2200bca11b52fe260d78e3bec639c4fb122136f | B5FB602ADD12067761EFA2188BD0F2E5F70B572B302002723957EDEBC6E6ABD8 | 2.60 MB, 2596864 bytes |
| 682418d9250075b45c0ceb57518216ef | 583f50c1c86b0d817519aad6ee479f32f5e8654b | 78588DB07EB869BCBD2BE72DD4CD20BD9E356BAF75F5A22A518211830D343458 | 2.93 MB, 2925056 bytes |
| 341cc90dc58f6e3c912ad5fd53a8eae0 | 46873a9d788fdbb04183c0ce0531f052fa4884cb | BBCD6A52A0DF4859E9AB2FCB085CBE990B2D0EFDF5F377FB15770A8BBA90E9DB | 3.05 MB, 3046952 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| NVIDIA Corporation | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
File Traits
- fptable
- HighEntropy
- No Version Info
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,931 |
|---|---|
| Potentially Malicious Blocks: | 208 |
| Whitelisted Blocks: | 1,668 |
| Unknown Blocks: | 1,055 |
Visual Map
(Block map graphic not reproduced; the block data was truncated in the source.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Kryptik.DVP
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | (API list not available in source) |