Trojan.Kryptik.TZ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	17,387
Threat Level:	80 % (High)
Infected Computers:	7

First Seen:	July 2, 2024
Last Seen:	November 20, 2025
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kryptik.TZ
Packers:	UPX
Signature status:	No Signature

Known Samples

MD5: e0bd67cc26d00acf22e1532c10c9e1ce

SHA1: f418360aa4e1939fdfa0ca3c1e09c1fd4143ac1d

SHA256: 2BDD845B79DC6EC99E3B1B221FE0DF91E4019BA4C414A51F4B686BA46A91155F

File Size: 669.34 KB, 669342 bytes

MD5: 0c01db615c477b1a34502bc1af399612

SHA1: fc82b74676a7f04323faacdf53537901860c0536

SHA256: B6CA903E249B7DA213176C4F1C9F1C65B80247614AD5EEC5D552998CADC5AF32

File Size: 992.19 KB, 992194 bytes

MD5: 804f47c160ea1532e4f8cce83379a088

SHA1: 27701283c71d69ef7e79c73003aaa9a42959c281

SHA256: 959B7AE05D63D79B0C728FE2F581FC8628424CAECCCD307787C79A4C5FB11F33

File Size: 2.71 MB, 2710358 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
Company Name	MindGems Inc. PC-RET
File Description	COUGAR-300K ISP MFC Application Folder Size UnConfuserEx
File Version	3.4.0.0 1.0.5.0 1.0.0.0
Internal Name	ISP UnConfuserEx.exe
Legal Copyright	Copyright (C) 2009
Original Filename	COUGAR-300K.EXE FolderSize.exe UnConfuserEx.exe
Product Name	COUGAR-300K ISP Application Folder Size UnConfuserEx
Product Version	3.4.0.0 1.0.0.0

File Traits

big overlay
packed
x86

Block Information

Total Blocks:	605
Potentially Malicious Blocks:	23
Whitelisted Blocks:	582
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x x x x 0 x 0 0 0 0 0 x 0 0 0 0 x x x x x x 0 x x x 0 x 0 x x x 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Banload.AS
Korplug.X

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\cdata.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\cdata.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\chart.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\chart.swf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\index.html	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\index.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\swfobject.js	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\chart\swfobject.js	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\foldersize.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\~sfx00378e2d13\foldersize.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\foldersizelog.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\help.chm	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\help.chm	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\lvsettings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\lvsettings.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00378e2d13\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00378e2d13\settings.dat	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Shell Execute	ShellExecuteEx

Shell Command Execution


							open C:\Users\Cumpdjdl\AppData\Local\Temp\~sfx00378E2D13\FolderSize.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kryptik.TZ

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Turtle Vote Rewards

Guardbox

EnybenyCrypt Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen