Trojan.Kryptik.TWA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	11,308
Threat Level:	80 % (High)
Infected Computers:	204

First Seen:	August 3, 2024
Last Seen:	January 6, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kryptik.TWA
Signature status:	Self Signed

Known Samples

MD5: ae5f6d155edab987e6e027e430223e3e

SHA1: 9b15e3c96783b0a4631a16088808538dc36c71c3

File Size: 6.26 MB, 6258256 bytes

MD5: d63f8bbaa632ccda8911ae3c75e65aed

SHA1: 67b542f2ec5e9017d5f8e8abf1d6be9b11504d18

SHA256: 7157C542ADA70C3C252CFD34A55CEFEF4B4D29BBF1D0DBD4EF9C3F9459F0EA4E

File Size: 5.53 MB, 5530108 bytes

MD5: 60097b95e0b6365bc7cdbdf66622e3b8

SHA1: 3be83b762787c9443d7e848124e34d9d9df69d45

SHA256: C4A3EB3077A9E5B775DFC4617DC9FEA7EBD86158E54D11AAC5BEED3C4FDECE00

File Size: 6.28 MB, 6284796 bytes

MD5: 714fb2898467e263e539ad22529cec3e

SHA1: 874822cff42269ed497538413deb5812cccdb5a0

SHA256: CB70887B4C6D4B212202ECDDB068801C4BE6AA90D592EDC64CCAC15874F41BA9

File Size: 5.53 MB, 5530108 bytes

MD5: 8c7e5dfbcc6e3770703d66a08033f791

SHA1: e0be1fe47e2a6746d797fddd946e03b96ee8fad6

SHA256: 7496D6A82E36279EF01E45D911BCC9B0812C2C1174FBCEDEB34B99165C5D5CBC

File Size: 5.53 MB, 5530108 bytes

MD5: 9b57246b9aed50392f7b3d81fe2b4f43

SHA1: 3d17d90fd66406a4becf0e160c727eac0e7aa82e

SHA256: 3878B305090B9E945BF53352965AE24C4BEFBCC9B5FE75B6F01288E66C9159A6

File Size: 6.28 MB, 6284796 bytes

MD5: 43819f38dcf3e338f73450f973e72cb3

SHA1: b0be07a2f44d2ff812b172e398270eba1c6f5464

SHA256: 66FFD6E6F4F01845B269060C150F270E9E50359FB5A1BA6A3B9591859ED6392B

File Size: 6.28 MB, 6284796 bytes

MD5: cae07c848e1ec4002e8c24d29505aa2e

SHA1: 7b78a9bceb047d2e97ee66a007a0e71ed59b620f

SHA256: 7C7F6652A640F33A9ACF9F6D0C8AA6E96AA6B82418AEDE932FCD8AF1FA4405BC

File Size: 6.28 MB, 6284796 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	https://rufus.ie
Company Name	Akeo Consulting
File Description	Notepad2 Rufus
File Version	4.1.2045
Internal Name	Rufus
Legal Copyright	© 2011-2023 Pete Batard (GPL v3)
Legal Trademarks	https://www.gnu.org/licenses/gpl-3.0.html
Original Filename	rufus-4.1.exe
Product Name	Rufus
Product Version	4.1.2045

Digital Signatures

Signer	Root	Status
Late Effort	Slaughter Huge	Self Signed

File Traits

big overlay
Installer Manifest
x86

Block Information

Total Blocks:	2,565
Potentially Malicious Blocks:	1,039
Whitelisted Blocks:	1,526
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 0 0 x 0 x x x 0 x x 0 0 0 0 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x x x 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 x x x 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 x x x 0 x x 0 0 x x 0 x 0 0 0 0 x x 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 x x x x x x 0 x x 0 0 0 0 x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 x 0 x 0 x x 0 x x 0 0 0 x 0 x x 0 x x 0 x 0 0 x x 0 0 0 x x x x x 0 0 x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 x x 0 x 0 0 x x 0 0 x 0 0 x 0 0 0 0 0 x 0 0 0 x 0 0 0 0 x x 0 0 x x 0 x 0 0 0 0 0 x 0 0 x 0 x x 0 x 0 0 0 0 x 0 0 x 0 x 0 0 x x 0 0 0 x x x x 0 x 0 x 0 0 x 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 x x x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 x 0 x 0 x x x 0 x x x x 0 0 0 0 0 0 0 0 x x x 0 x 0 x 0 0 0 0 0 0 0 x x x x 0 x 0 0 0 x x 0 0 0 x 0 0 0 0 x 0 0 x 0 x x 0 x 0 0 0 x 0 0 x 0 x x x 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 0 x 0 0 x x x x x x x x 0 0 0 x 0 x 0 x 0 x x 0 x 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 x 0 0 x x x x 0 x x 0 x x 0 x x 0 x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 x x x x x x x x 0 x x x x x 0 x 0 x x x 0 x x x x x 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 1 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 1 1 0 1 2 0 x 0 x x 0 0 x x 0 0 0 0 0 x 0 x 0 0 0 0 0 x x 0 0 0 x 0 0 x 0 0 x x 0 x x x x x 0 x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x x x 0 x 0 x 0 x 0 x 0 x 0 x x 0 x 0 x x x 0 0 x 0 x x x 0 0 0 x x x 0 x x x x x x x x x x x x 0 x 0 x x x 0 0 0 x x x x x 0 x 0 x x x x x x x x x x x x 0 x x x x x 0 x 0 x x x x x x x x x x x x x x 0 x x x x x x 0 0 x x x x x x x x x 0 x x 0 0 0 x x 0 0 0 0 x 0 0 0 0 x x x 0 0 0 0 0 x x x x x x x x x x x 0 0 0 x x x x x x x x x x x 0 x x 0 0 x x 0 x x x 0 0 x 0 x 0 x x 0 x x x 0 x x x x x x x x x x x x x x x x x x 0 0 x x x 0 x x x x 0 x 0 x x x x x 0 x x x x 0 x x 0 x x x x x x x x x x x x x x x x x 0 0 x x 0 x x x x x x x x x x x x x x 0 0 x x x x x x x x x x x 0 x 0 0 x x x x x x x x x x x x x 0 x 0 0 x 0 0 0 0 x x x 0 0 0 x 0 0 0 0 x 0 x x x 0 x x x x 0 x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x 0 x 0 0 x x x 0 0 x x 0 x 0 x x x 0 x x x x 0 x x 0 x x x 0 x 0 x 0 0 x x x x x x 0 x 0 0 x 0 x 0 0 x x x x x x 0 x 0 x 0 x x 0 0 0 x x x 0 0 0 0 0 x x x x x x x x 0 x x x x x x x x x 0 0 x x x x 0 x 0 x x x x 0 x x 0 x 0 x x 0 0 x 0 0 0 0 x x x x 0 x x x 0 0 0 0 x x 0 0 x x x x x 0 x x x x x 0 x x x 0 x x 0 x 0 x 0 0 x x x 0 x 0 0 x 0 x 0 x x x 0 x 0 x 0 0 x x 0 x x x x x x 0 x 0 0 x x x x x x x x x x 0 x x x x x x x x x x 0 0 0 0 x 0 0 x 0 x x x 0 0 x x x 0 0 x x x x x x x x x x x 0 0 x x 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Emotet.TE
Kryptik.TWA

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\7zs8c3be4f4\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8c3be4f4\setup.exe	Synchronize,Write Attributes

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtGdiAlphaBlend win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateDIBSection win32u.dll!NtGdiCreatePatternBrushInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExcludeClipRect win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtSelectClipRgn win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFlush win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetBoundsRect win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetCharSet win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo 87 additional items are not displayed above.

Shell Command Execution


							.\setup.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kryptik.TWA

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan Downloader.Win32.Devsog!k

Tratbc.com

Troj/Bredo-AEG

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen