Trojan.Kryptik.VGE

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Kryptik.VGE
Signature status:	No Signature

Known Samples

MD5: 2d7c6ab4eb06c4fadd61c373e4b109f4

SHA1: 42b97c6ed3868c0dd23310454c19d2597d86cfbf

SHA256: E08DD74157BC9F747F3C625003464D71289E50E3BD7B90163CF721E0A1799AD9

File Size: 2.54 MB, 2543433 bytes

MD5: 965fa89a5aa7a9fa57f11f7664e8e35b

SHA1: 541ce3193d37c5ec9bafd58fbcb7c7a981f0ecf1

SHA256: 35C4B9C27FD5E7FE2AE63026D52EFD10A4672D5254584190923AEB8169CD4DA2

File Size: 2.54 MB, 2537365 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
File Description	BitLocker Drive Encryption Setup Windows Problem Reporting Setup
Product Name	BitLocker Drive Encryption Windows Problem Reporting
Product Version	10.0.19041.2913 10.0.19041.1

File Traits

big overlay
dll
HighEntropy
ntdll
x64

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\is-8uckb.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-8uckb.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-bu97j.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-bu97j.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-k0uhd.tmp\42b97c6ed3868c0dd23310454c19d2597d86cfbf_0002543433.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-m5uop.tmp\541ce3193d37c5ec9bafd58fbcb7c7a981f0ecf1_0002537365.tmp	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	꣏ȁ偫~ꚐơC龡^듛ï紘Ç 獖}偫~엦1좟Êdᵂċᵆċeᤨ엦1 ¶}ꙥꙥ	RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75

RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute

Shell Command Execution


							"C:\Users\Ajktvidf\AppData\Local\Temp\is-K0UHD.tmp\42b97c6ed3868c0dd23310454c19d2597d86cfbf_0002543433.tmp" /SL5="$501E8,2123931,175616,c:\users\user\downloads\42b97c6ed3868c0dd23310454c19d2597d86cfbf_0002543433"


							(NULL) c:\users\user\downloads\42b97c6ed3868c0dd23310454c19d2597d86cfbf_0002543433 /VERYSILENT


							"C:\Users\Mmvgrjwj\AppData\Local\Temp\is-M5UOP.tmp\541ce3193d37c5ec9bafd58fbcb7c7a981f0ecf1_0002537365.tmp" /SL5="$400AC,2150450,143360,c:\users\user\downloads\541ce3193d37c5ec9bafd58fbcb7c7a981f0ecf1_0002537365"


							(NULL) c:\users\user\downloads\541ce3193d37c5ec9bafd58fbcb7c7a981f0ecf1_0002537365 /VERYSILENT

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Kryptik.VGE

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Search.yoursocialconnections.com

Trojan:Win32/Comroki

PUP.NetworkUpdate

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen