Trojan.Kryptik.UGE

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kryptik.UGE
Signature status:	No Signature

Known Samples

MD5: f9b646428a401c580de1e250d146a2f9

SHA1: a03bd7e9f91aac24dbe6ebfb5b4d50a3c3126cb0

SHA256: 3BFC5C249EAE0CFA03493F5BAED15081A83CA4B9F488F11F1DDEEA0DEDA8A50D

File Size: 617.98 KB, 617984 bytes

MD5: ba49545c680f8c4ad8878a9ad57a1a88

SHA1: 5b991c353f74a6c35daa8e45f6623a445d360142

SHA256: A47F82C37048FF12F272702AAA55CEED30C0CB731D5E34FB44E9BBF4E4B8E1AE

File Size: 619.52 KB, 619520 bytes

MD5: 49bb3c1d8cf3842293621976d3f20bca

SHA1: 46ace4feec105c2003434986fed2ebfdf366b3b3

SHA256: AD47E3ED63CECA0256C40A1C036F1A0C1C575FC86C625A30D16258D29FD2BEB7

File Size: 627.71 KB, 627712 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

HighEntropy
No Version Info
x64

Block Information

Total Blocks:	17
Potentially Malicious Blocks:	5
Whitelisted Blocks:	6
Unknown Blocks:	6

Visual Map

x x x 0 ? 0 x 0 ? ? 0 0 ? ? 0 x ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection Show More ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
Encryption Used	BCryptOpenAlgorithmProvider
Process Manipulation Evasion	NtCreateThreadEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kryptik.UGE

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Submit Comment

Trending

C-germany.com

Suinalel.co.in

Antivirat.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen