Trojan.Kryptik.LII

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Kryptik.LII
Signature status: No Signature

Known Samples

MD5: 49eeaf5385aba5ea6bb58bd767ed4299
SHA1: 08dfdf6353c3360ef32ac905c8706e7a9fe93230
SHA256: 545483C09A09C459625E127D4F05AB9ECD17E0CAB6FB719B51ADAD7E78201F48
File Size: 7.36 MB, 7360512 bytes
MD5: 165a5bd48d90124326101f0e177e3292
SHA1: 3b3019f86308d7e9bbf496d0ee3c381a679e952d
SHA256: 793794155F77F3E6EC5751AC56A991BE9865CB27522A0E9D025AA5CD8DAD6D18
File Size: 7.42 MB, 7416832 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version: 8.12.4.30
Comments: A lightweight, versatile image viewer
Company Name:
  • Begonia Holdings
  • Duong Dieu Phap
File Description:
  • HopToDesk
  • ImageGlass
File Version:
  • 8.12.4.30
  • 1.42.9
Internal Name: ImageGlass.exe
Legal Copyright:
  • Copyright © 2010-2024 Duong Dieu Phap
  • Copyright © 2024 Begonia Holdings. Copyright © 2024 Purslane Ltd.
Original Filename: ImageGlass.exe
Product Name:
  • Task Manager DeLuxe
Product Version:
  • 8.12.4.30
  • 1.42.9

File Traits

  • x86

Block Information

Total Blocks: 450
Potentially Malicious Blocks: 446
Whitelisted Blocks: 4
Unknown Blocks: 0

Similar Families

  • Kryptik.LIH
  • Kryptik.LII

Files Modified

File Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\3acf660917f73e764d4410bf1eaa48f5 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\3acf660917f73e764d4410bf1eaa48f5 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\systemcertificates\ca\certificates\31600991ed5fec63d355a5484a6dcc787ead89bc::blob RegNtPreCreateKey

Windows API Usage

Category API
Encryption Used
  • BCryptOpenAlgorithmProvider
