Trojan.Kryptik.Gen.DBQ
Analysis Report
General information
| Family Name: | Trojan.Kryptik.Gen.DBQ |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- big overlay
- dll
- fptable
- HighEntropy
- Installer Manifest
- Installer Version
- ntdll
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 620 |
|---|---|
| Potentially Malicious Blocks: | 75 |
| Whitelisted Blocks: | 422 |
| Unknown Blocks: | 123 |
Visual Map
(Block map image not reproduced; only its legend is recoverable.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.FTS
- Agent.KUH
- CobaltStrike.SVN
- Kryptik.DEQ
- Kryptik.GUB
- LockScreen.AG
- Lumma.JC
- Marte.CP
- Rozena.XV
- ShellcodeRunner.RRB
- Trojan.Agent.Gen.BCO
- Trojan.Agent.Gen.BGO
- Trojan.Agent.Gen.BNR
- Trojan.Agent.Gen.BPF
- Trojan.Downloader.Gen.KG
- Trojan.Injector.Gen.GOC
- Trojan.Kryptik.Gen.DBQ
- Trojan.Kryptik.Gen.DKA
- Trojan.Kryptik.Gen.DOM
- Trojan.Kryptik.Gen.DUH
- Trojan.Kryptik.Gen.DZH
- Trojan.Kryptik.Gen.EAW
- Trojan.Kryptik.Gen.EEG
- Trojan.ShellcodeRunner.Gen.KE
- Trojan.ShellcodeRunner.Gen.KI
- Trojan.ShellcodeRunner.Gen.KS
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Encryption Used | |