Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Kryptik.VCKG

Trojan.Kryptik.VCKG

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,891
Threat Level: 80 % (High)
Infected Computers: 105
First Seen: July 18, 2023
Last Seen: March 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.VCKG
Signature status: No Signature

Known Samples

MD5: e00599bbb53fe1892864701fa531f6b7
SHA1: 155f1290ca7a852d7eb51c32b2d396bcc6fe10da
SHA256: 8F40044BA7AF6B9AEAB289CA26E7C026BEF4D173F496C2406115D4A7990C614A
File Size: 2.07 MB, 2069008 bytes
MD5: 8e4fe25614ab57b0922ff21b4e48c75a
SHA1: a0eeebe16a3f5e0c416893384f5e245e2a71feec
SHA256: AD19B45D77C2A44B52B06EA1BE04391E6052FEF67DBA4278F5B2F9A95B2E7728
File Size: 8.73 MB, 8733718 bytes
MD5: 7880ed72dc6655636300bb615f984c70
SHA1: cb92e34d29bdc3d5a2fec415b7bb0c8715bcd3ad
SHA256: 2973D6AF99E11D0D9B3DDC8EC471E4B54314E49D48E31D7904EA97B1EB7B7877
File Size: 1.31 MB, 1312744 bytes
MD5: 7f73c23cae200c449a29380738cf4733
SHA1: 41516810a16967dc886ec2462d7988965a29eb09
SHA256: 2B1F0D1ADCFBC54BEA87D000C9468E954DB94898CEF1F3116C67F1AECF2BB37D
File Size: 244.59 KB, 244590 bytes
MD5: 56a5dda847b2329dc6ad52a69799b26b
SHA1: 14007b537e3fd81efd5da92e74e4ca67f43fcf72
SHA256: F38432570D9EE6A7DA2266CB94FB8E94482226F5C3D8F044B1F0BE98859248BA
File Size: 1.40 MB, 1395115 bytes
Show More
MD5: 9312876d5c43fcc6584dfc2fcb3e5ff5
SHA1: fba6effd7342bebdfe246b70997b6ade2152005b
SHA256: 64304130C8BED693F4821B933AEC38BF0EC3F430FA15A12E79065EA9BC714D67
File Size: 328.21 KB, 328211 bytes
MD5: f14a48be3fec4e3a8013e433ad92d83e
SHA1: d9accb256cf6589b794e17a78a0f636597e6ff5e
SHA256: 19CF9CA06F7F76C05B7AC427CAFE96E02AAA99E81EC3E8C79FB24FEC562F1B87
File Size: 815.60 KB, 815602 bytes
MD5: 54659ba33aec47e388079ddcd8525219
SHA1: 50c424943e285453b8e8f098e04e011ad7884f72
SHA256: EA862DE446329644FFF070EAA6AE7EFE292B50094A47FCB94F3EAE011A73A2FB
File Size: 604.65 KB, 604654 bytes
MD5: 9d7188a26d519eef50da8550995dae8a
SHA1: 52f036b0eb4e68192927aea08d295bb192e82cff
SHA256: B4BE98F010D26D60359F5D75FEFEF7678FFE2566C6CEBA424DAECB8368B01A5E
File Size: 232.43 KB, 232426 bytes
MD5: 26898bbc75606fccc9962841086084f4
SHA1: 9aba1e72e59e278026c51dfd2afc4a79c43cfd1b
SHA256: FFE52473D448E6E2E125CB10BB9E5BE749C2377D943E0E66CAC4B03E1CA6E7DB
File Size: 246.22 KB, 246223 bytes
MD5: 774c8a7abcff7b827a612306ca959a00
SHA1: 2684c2ce7671154cf7e568faaaf3560634d31ac1
SHA256: F311A7EDE6662370F4FB57815D013ED119B170C9F02DC97454B9EA0D0E4D26ED
File Size: 426.41 KB, 426410 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments Compiled by Arvid Winkelsdorf, digivendo GmbH (www.digivendo.com) for the Indy Project (www.indyproject.org)
Company Name
  • CANON INC.
  • FTDI Ltd
  • Intel Corporation
  • Microsoft Corporation
  • RSA - The Security Division of EMC
  • SlySoft, Inc.
  • The OpenSSL Project, http://www.openssl.org/
File Description
  • Base cryptographic functionality
  • CCDDriver DLL
  • cocr
  • DISM Logging Provider
  • FTD2XX library
  • igfxdev Module
  • Microsoft® C Runtime Library
  • OpenGL(R) Driver for Intel(R) Graphics Accelerator
  • OpenSSL Shared Library
File Version
  • 9.17.10.3517
  • 8.15.10.1073
  • 8.00.50727.762
  • 6.2.9200.16384 (win8_rtm.120725-1247)
  • 5, 3, 0, 1
  • 3.00.05
  • 3.0.0.1
  • 2, 9, 1, 3
  • 1.0.0g
Internal Name
  • CCDDriver
  • ccme_base
  • cocr
  • FTD2XX.DLL
  • IGFXDEV
  • libeay32
  • LogProvider.dll
  • MSVCR80.DLL
  • OpenGL
Legal Copyright
  • Copyright (c) 1998-2012 Intel Corporation.
  • Copyright 1999-2006, Intel Corporation
  • Copyright 2008 by RSA Security Inc. All rights reserved.
  • Copyright CANON INC. 2002
  • Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
  • Copyright © 2001-2005 FTDI Ltd.
  • Copyright © 2004-2009 SlySoft, Inc.
  • © Microsoft Corporation. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • CCDDriver.dll
  • ccme_base
  • cocr.dll
  • FTD2XX.DLL
  • ig7icd32
  • IGFXDEV.DLL
  • libeay32.dll
  • LogProvider.dll
  • MSVCR80.DLL
Private Build No
Product Name
  • CloneCD
  • FTDI FTD2XX Drivers
  • Intel(R) Common User Interface
  • Intel Graphics Accelerator Drivers for Windows 8(R)
  • Microsoft® Visual Studio® 2005
  • Microsoft® Windows® Operating System
  • Rosseta Stone Engine
  • RSA BSAFE Crypto-C Micro Edition
  • The OpenSSL Toolkit
Product Version
  • 9.17.10.3517
  • 8.15.10.1073
  • 8.00.50727.762
  • 6.2.9200.16384
  • 5, 3, 0, 0
  • 3.00.05
  • 3.0.0.1
  • 1.0.0g
  • 1, 0, 0, 1

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • ntdll
  • x86

Block Information

Total Blocks: 181
Potentially Malicious Blocks: 14
Whitelisted Blocks: 162
Unknown Blocks: 5

Visual Map

0 ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 x x x x x x x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Ramnit.A

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a4e4143c754.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~tm49d6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tm7a4b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tma6ab.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tma989.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tmd9a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\rundll32mgr.exe Generic Write,Read Attributes
c:\windows\syswow64\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\155f1290ca7a852d7eb51c32b2d396bcc6fe10da_0002069008.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a0eeebe16a3f5e0c416893384f5e245e2a71feec_0008733718.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cb92e34d29bdc3d5a2fec415b7bb0c8715bcd3ad_0001312744.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\41516810a16967dc886ec2462d7988965a29eb09_0000244590.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\14007b537e3fd81efd5da92e74e4ca67f43fcf72_0001395115.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fba6effd7342bebdfe246b70997b6ade2152005b_0000328211.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d9accb256cf6589b794e17a78a0f636597e6ff5e_0000815602.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\50c424943e285453b8e8f098e04e011ad7884f72_0000604654.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\52f036b0eb4e68192927aea08d295bb192e82cff_0000232426.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9aba1e72e59e278026c51dfd2afc4a79c43cfd1b_0000246223.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2684c2ce7671154cf7e568faaaf3560634d31ac1_0000426410.,LiQMAxHB

Trending

Most Viewed

Loading...