Trojan.Kryptik.DVS
Analysis Report
General information
| Family Name: | Trojan.Kryptik.DVS |
|---|---|
| Signature status: | No Signature |
Known Samples

This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information

This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | Microsoft Corporation |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | © Microsoft Corporation. All rights reserved. |
| Original Filename | |
| Product Name | Microsoft® Windows® Operating System |
| Product Version | |
File Traits
- fptable
- HighEntropy
- Installer Version
- No Version Info
- WriteProcessMemory
- x64
Block Information

During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 3,020 |
|---|---|
| Potentially Malicious Blocks: | 259 |
| Whitelisted Blocks: | 1,726 |
| Unknown Blocks: | 1,035 |
Visual Map

(Block map not reproduced: the per-block classification grid was rendered as an image and the extracted data is truncated.)

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families

This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Kryptik.DVS
Windows API Usage

This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Anti Debug | |