Trojan.Kryptik.TWA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,308
Threat Level: 80 % (High)
Infected Computers: 204
First Seen: August 3, 2024
Last Seen: January 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.TWA
Signature status: Self Signed

Known Samples

MD5: ae5f6d155edab987e6e027e430223e3e
SHA1: 9b15e3c96783b0a4631a16088808538dc36c71c3
File Size: 6.26 MB, 6258256 bytes
MD5: d63f8bbaa632ccda8911ae3c75e65aed
SHA1: 67b542f2ec5e9017d5f8e8abf1d6be9b11504d18
SHA256: 7157C542ADA70C3C252CFD34A55CEFEF4B4D29BBF1D0DBD4EF9C3F9459F0EA4E
File Size: 5.53 MB, 5530108 bytes
MD5: 60097b95e0b6365bc7cdbdf66622e3b8
SHA1: 3be83b762787c9443d7e848124e34d9d9df69d45
SHA256: C4A3EB3077A9E5B775DFC4617DC9FEA7EBD86158E54D11AAC5BEED3C4FDECE00
File Size: 6.28 MB, 6284796 bytes
MD5: 714fb2898467e263e539ad22529cec3e
SHA1: 874822cff42269ed497538413deb5812cccdb5a0
SHA256: CB70887B4C6D4B212202ECDDB068801C4BE6AA90D592EDC64CCAC15874F41BA9
File Size: 5.53 MB, 5530108 bytes
MD5: 8c7e5dfbcc6e3770703d66a08033f791
SHA1: e0be1fe47e2a6746d797fddd946e03b96ee8fad6
SHA256: 7496D6A82E36279EF01E45D911BCC9B0812C2C1174FBCEDEB34B99165C5D5CBC
File Size: 5.53 MB, 5530108 bytes
MD5: 9b57246b9aed50392f7b3d81fe2b4f43
SHA1: 3d17d90fd66406a4becf0e160c727eac0e7aa82e
SHA256: 3878B305090B9E945BF53352965AE24C4BEFBCC9B5FE75B6F01288E66C9159A6
File Size: 6.28 MB, 6284796 bytes
MD5: 43819f38dcf3e338f73450f973e72cb3
SHA1: b0be07a2f44d2ff812b172e398270eba1c6f5464
SHA256: 66FFD6E6F4F01845B269060C150F270E9E50359FB5A1BA6A3B9591859ED6392B
File Size: 6.28 MB, 6284796 bytes
MD5: cae07c848e1ec4002e8c24d29505aa2e
SHA1: 7b78a9bceb047d2e97ee66a007a0e71ed59b620f
SHA256: 7C7F6652A640F33A9ACF9F6D0C8AA6E96AA6B82418AEDE932FCD8AF1FA4405BC
File Size: 6.28 MB, 6284796 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: https://rufus.ie
Company Name: Akeo Consulting
File Description:
  • Notepad2
  • Rufus
File Version: 4.1.2045
Internal Name: Rufus
Legal Copyright: © 2011-2023 Pete Batard (GPL v3)
Legal Trademarks: https://www.gnu.org/licenses/gpl-3.0.html
Original Filename: rufus-4.1.exe
Product Name: Rufus
Product Version: 4.1.2045

Digital Signatures

Signer: Late Effort Slaughter Huge
Root Status: Self Signed

File Traits

  • big overlay
  • Installer Manifest
  • x86

Block Information

Total Blocks: 2,565
Potentially Malicious Blocks: 1,039
Whitelisted Blocks: 1,526
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 0 0 x 0 x x x 0 x x 0 0 0 0 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x x x 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 x x x 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 x x x 0 x x 0 0 x x 0 x 0 0 0 0 x x 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 x x x x x x 0 x x 0 0 0 0 x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 x 0 x 0 x x 0 x x 0 0 0 x 0 x x 0 x x 0 x 0 0 x x 0 0 0 x x x x x 0 0 x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 x x 0 x 0 0 x x 0 0 x 0 0 x 0 0 0 0 0 x 0 0 0 x 0 0 0 0 x x 0 0 x x 0 x 0 0 0 0 0 x 0 0 x 0 x x 0 x 0 0 0 0 x 0 0 x 0 x 0 0 x x 0 0 0 x x x x 0 x 0 x 0 0 x 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 x x x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 x 0 x 0 x x x 0 x x x x 0 0 0 0 0 0 0 0 x x x 0 x 0 x 0 0 0 0 0 0 0 x x x x 0 x 0 0 0 x x 0 0 0 x 0 0 0 0 x 0 0 x 0 x x 0 x 0 0 0 x 0 0 x 0 x x x 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 0 x 0 0 x x x x x x x x 0 0 0 x 0 x 0 x 0 x x 0 x 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 x 0 0 x x x x 0 x x 0 x x 0 x x 0 x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 x x x x x x x x 0 x x x x x 0 x 0 x x x 0 x x x x x 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 1 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 1 1 0 1 2 0 x 0 x x 0 0 x x 0 0 0 0 0 x 0 x 0 0 0 0 0 x x 0 0 0 x 0 0 x 0 0 x x 0 x x x x x 0 x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x x x 0 x 0 x 0 x 0 x 0 x 0 x x 0 x 0 x x x 0 0 x 0 x x x 0 0 0 x x x 0 x x x x x x x x x x x x 0 x 0 x x x 0 0 0 x x x x x 0 x 0 x x x x x x x x x x x x 0 x x x x x 0 x 0 x x x x x x x x x x x x x x 0 x x x x x x 0 0 x x x x x x x x x 0 x x 0 0 0 x x 0 0 0 0 x 0 0 0 0 x x x 0 0 0 0 0 x x x x x x x x x x x 0 0 0 x x x x x x x x x x x 0 x x 0 0 x x 0 x x x 0 0 x 0 x 0 x x 0 x x x 0 x x x x x x x x x x x x x x x x x x 0 0 x x x 0 x x x x 0 x 0 x x x x x 0 x x x x 0 x x 0 x x x x x x x x x x x x x x x x x 0 0 x x 0 x x x x x x x x x x x x x x 0 0 x x x x x x x x x x x 0 x 0 0 x x x x x x x x x x x x x 0 x 0 0 x 0 0 0 0 x x x 0 0 0 x 0 0 0 0 x 0 x x x 0 x x x x 0 x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x 0 x 0 0 x x x 0 0 x x 0 x 0 x x x 0 x x x x 0 x x 0 x x x 0 x 0 x 0 0 x x x x x x 0 x 0 0 x 0 x 0 0 x x x x x x 0 x 0 x 0 x x 0 0 0 x x x 0 0 0 0 0 x x x x x x x x 0 x x x x x x x 
x x 0 0 x x x x 0 x 0 x x x x 0 x x 0 x 0 x x 0 0 x 0 0 0 0 x x x x 0 x x x 0 0 0 0 x x 0 0 x x x x x 0 x x x x x 0 x x x 0 x x 0 x 0 x 0 0 x x x 0 x 0 0 x 0 x 0 x x x 0 x 0 x 0 0 x x 0 x x x x x x 0 x 0 0 x x x x x x x x x x 0 x x x x x x x x x x 0 0 0 0 x 0 0 x 0 x x x 0 0 x x x 0 0 x x x x x x x x x x x 0 0 x x 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Emotet.TE
  • Kryptik.TWA

Files Modified

File: c:\users\user\appdata\local\temp\7zs8c3be4f4\setup.exe
Attributes: Generic Write, Read Attributes
File: c:\users\user\appdata\local\temp\7zs8c3be4f4\setup.exe
Attributes: Synchronize, Write Attributes

Windows API Usage

Process Shell Execute:
  • CreateProcess
Syscall Use:
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAlphaBlend
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateDIBSection
  • win32u.dll!NtGdiCreatePatternBrushInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetBoundsRect
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetCharSet
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo

87 additional items are not displayed above.

Shell Command Execution

.\setup.exe
