
Trojan.Kryptik.YKAC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 497
Threat Level: 80 % (High)
Infected Computers: 4,088
First Seen: August 28, 2023
Last Seen: April 8, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.YKAC
Signature status: Hash Mismatch

Known Samples

MD5: e344bcb660187e89d1afa4339990fd92
SHA1: 42aface6712e4953ada20d4dfd0dfe3d1a78bf95
File Size: 9.85 MB, 9850784 bytes
MD5: 65c081d656013f8e5e7bb96f840be046
SHA1: 2797fe11c0dcc663414b026e4207013c1e6237bc
SHA256: 5669CCC4E5F43098415F2CAD231A7D3175DADCC758CAE13DFEE10704E3EB4B9E
File Size: 3.89 MB, 3888204 bytes
MD5: 36b9c06fb646111d372b22a00f1f7b6f
SHA1: fe4f874509f1257e032ba18ac65f5f99868f7775
SHA256: 6B8B54500A0E531885ABCD9467D79C7C179100B037760DE31B642B8553298C08
File Size: 9.22 MB, 9221376 bytes
MD5: 13115668f9b864b671c78f8d30f6adb6
SHA1: 8fe5909fcdbd78c9d23dd82bcdf2c3c044c0a5eb
SHA256: E413668190A49BEF014A42B08EAC04C3993B4BE6E0D1C9FBCC72B8BCD59443A8
File Size: 2.60 MB, 2596094 bytes
MD5: 7aaf6e730311c0b4e715dd82a8ee4caf
SHA1: a878b54e135f46e8fe51020fd3ede3fc12317faf
SHA256: 1389B01C9E1A2E318CA2F7970BEB366EBA307E6820DAA628DCD41000020A3F3E
File Size: 9.74 MB, 9739028 bytes
MD5: 5de45238dc7be4a3924c4788d5b42cb5
SHA1: 2cabab6085a15c737970cf759c9f47045c113683
SHA256: D8E6242BDDC273BB9021F3DA6247A09520024420AD2FC6F79C22C9365892DFC2
File Size: 4.52 MB, 4517376 bytes
MD5: 47f69a9e9a7944d91a98669e0c352928
SHA1: b828b3d10e0c0912978bec3f9a53a994ba7e1461
SHA256: EB6731A9F593705FAE4C6BFC1FB05527A4179D2F2F8F74F127B566F1A741E320
File Size: 4.74 MB, 4742656 bytes
MD5: 028a6746dd794f117887893245575d1d
SHA1: bafab79c8927b8e63a75842558afac15ce13aec3
SHA256: 99F2B9A05878AABE7CB2155E6A11301817B02D9DE08C651FBE18F474E65D2144
File Size: 8.55 MB, 8549888 bytes
MD5: 298a12e3472f300cfe298f915059903d
SHA1: bc3e5f8af7ac00f4ff82e376efd682baefd48e2d
SHA256: C4BC9E33590900A121BD0D5F3A317BE40E1B051E56E1CB202AAD41DDA182CE66
File Size: 2.87 MB, 2871296 bytes
MD5: da8e1a991d7097d50b3915c0fe166063
SHA1: 2d679745ebb4de1cd3a7a5bc9e940bf1e4ee646a
SHA256: BDB2955F0BC18E33F62DA9083A9641186A70B68285869BAF686A99D8D745D8B8
File Size: 4.34 MB, 4335104 bytes
MD5: 8164dbc72de22d2d41da6f187c4a6c0a
SHA1: 901de473e1a7c44f20ce06fc69cd0d75015cf0ca
SHA256: DA741B1DB60E7A3D4CBEA182FEEE60EB4BEDFC40EBEF40F5922836B95AFBD988
File Size: 6.41 MB, 6414336 bytes
MD5: 6b415be03bfbc7c356ae87d9f214b68c
SHA1: 1595791debe716de1234aed769c7e7b708e4fc77
SHA256: BE35F47780C37349F346BFAC1C0F8F9AAEB47BF315A5632BA94DBCA498061CCA
File Size: 7.60 MB, 7596544 bytes
MD5: cef3951bca19a10fb4c01f8c139be397
SHA1: 6925da36ecf3bc3458f5c57f6f83f08d25410c91
SHA256: B2A4AB44CD3A48BEAC8D9DD4261298C9D1F39E16DD514A9D37F84627ACF38517
File Size: 9.70 MB, 9698816 bytes
MD5: 6009f151a4bfd006cfa21d1e3d8a2bd2
SHA1: 12ae0953b80cfea38b01b0fa542810e813dc8121
SHA256: 5C046C2200D9BB9F4508FEA6830414AA3DE142B29441D707302F30BBD72DDCA0
File Size: 2.20 MB, 2200064 bytes
MD5: 0f281f26514d5d01c851c96fd525e343
SHA1: 3a69739d3035017cc0138c6ac1c1f469954bfc88
SHA256: 7F52ECD00869036F955A0A4A35BEE2834FC87A7F7D925E9C3CB13919D9AD9371
File Size: 6.25 MB, 6245376 bytes
MD5: b731ef145fc33355d85bb6f4848b3e86
SHA1: e5060b4642009d81d27ff53c510af51e95358820
SHA256: BFC305A0BFDEB8AB953E12664E798A20D14E575770ACEF19C0F4346CF3D3039A
File Size: 8.09 MB, 8092672 bytes
MD5: 087fa373770dff3d90d4534fbd42d7e1
SHA1: 3ca6a2035a5b4bd6d391d960af8fd111f96065fa
SHA256: BF062965A884FC79A7FC538DE3FFF81CD6B2650FFC9CBE080159AE1FE034454A
File Size: 2.25 MB, 2251776 bytes
MD5: a82321eade3a747d8bc75a5616ac6773
SHA1: cd4a1103f8ada8c317542445613611122493d498
SHA256: 48A0DADB60B91B90DEDDB984EB9A3DB0FCFA9F375AF8E03AD0C188CE8A07D1AF
File Size: 4.05 MB, 4051968 bytes
MD5: f01fe6c62ec1326cae18773be10f4032
SHA1: 2fc68db91a89ce55690763662abd4191d3e3f710
SHA256: A2873BC6FF5FE83D99EB1D9FDC94DD38825B83AC47A00D2CF8C46443275B61C4
File Size: 5.72 MB, 5718016 bytes
MD5: d31045ae3eaaae14a7cd5c92c2903af9
SHA1: 0521d297cd54e1ab104ed7bb9396d5235bb95912
SHA256: A019D0CB37DC1BD940C5D884F67DB74F3DC6DD332652D3794297C04C4D197FA8
File Size: 7.00 MB, 7004160 bytes
MD5: a4281c56061762dce2bb9061f2e415af
SHA1: c2144d81e0eddfed3b59854ba4c920d84a136e72
SHA256: A34F56351B17E5606964417C433D87F1B6A91F5A35544BCEE62D1B68287B5500
File Size: 7.85 MB, 7853568 bytes
MD5: 90b0cca89d8edf32976e6b7cf8c656cc
SHA1: 2d62f97915283308c92234afd66d40b5977da144
SHA256: A18E90D3F747FF22BDD705536EC38718B3611AE4ECD74FEE73509FAF5B708EC7
File Size: 3.94 MB, 3939328 bytes
MD5: 70a3c58b7f46862af0e4d507298091fb
SHA1: 9c42d90769ebed1c9f4d9cf4f727b96150fab2b4
SHA256: 82D7C02E12DA2FCDF59A08D0BD32143BE634360A7A2C308E764966FEFD082BE0
File Size: 2.67 MB, 2671104 bytes
MD5: 9ce17750927c142e62136b3e61012072
SHA1: 72e3f55ccd9da326a28eb9b9ddf6f59effaaf451
SHA256: A575A02ABC690BB1361DD1D6D52D53D4887825FE08001C2D475B7E8A618AC71D
File Size: 2.50 MB, 2500634 bytes
MD5: c4baa06c9c613648d106f7b19f122dcf
SHA1: b8517d73b92b9dbe8fcd23a5d5ce371dcf23691b
SHA256: 549F5336A1B413365342DE1C52ECFAB72353FC46934AC87723C0004F80D8F3B2
File Size: 8.91 MB, 8906752 bytes
MD5: 6057622416c4410ec103dcd7bf101841
SHA1: 3a30dd9293dc1db0574193418a25cfb5816f7bcd
SHA256: F1C05E33531D943C237806C6F7D59E860248C972DAD31431A8BFCE4B99B7C6B7
File Size: 3.02 MB, 3020288 bytes
MD5: e0b18db48dc78c484902b42627e33b42
SHA1: 604e71d0bb3349a52de030c62af4d60f0439f0c7
SHA256: DBCB27A3F57265F40FA6AB3383E9B5CD67DA1BD282E91E7A4240811A78E77265
File Size: 2.74 MB, 2739712 bytes
MD5: ce2af284c41fe159752706ea2a9b2c91
SHA1: a056c8895ed290b13cec0f46a63e41f7377510fa
SHA256: AC6E375CA79A7FC088A4E0F1183634EBBABAA4451295BBEC5186688DC24408AD
File Size: 8.06 MB, 8060416 bytes
MD5: 4e20d0e4fe3bd44cdecd6be82c7ab26a
SHA1: b978d43018bb28558269603feb197f55d3c87506
SHA256: 5373054D10302969D17101924F10F17E28B12B2A67551CD1ACAD4AB5432B1F8D
File Size: 4.33 MB, 4328448 bytes
MD5: 7f846c30fb81164908cd7238fe9fc96b
SHA1: 4aaece21c441b59a72c82c2e6d76667560dceec1
SHA256: 77B5B21393A4659156991ED6B182C3CC6E558CBD2449599F237E0924EEE7CEE5
File Size: 3.18 MB, 3179008 bytes
MD5: d264fb141be35c3a342d5010028ece6b
SHA1: cc03e88c84c0bd5feec8c223550beb3b8904747f
SHA256: 359A71158CF8D13A61BF6D1EF742401F00A7098F32B64DAB3B5E1B3DBCE730B7
File Size: 4.76 MB, 4758016 bytes
MD5: 57a5b8be7d4b3be0edd9d4f5f5a261a8
SHA1: ca8c088c32f110e3b0b8c69618b35a6bcc537eb1
SHA256: D4B96BB720A880713D8F29BF7A0D9B1590629A2D10C66A72F9212B1FFABBC73D
File Size: 3.50 MB, 3502592 bytes
MD5: 4719d823aa0b615fd5c632b7aef1eb88
SHA1: 9b09f8546fc87d551c52365cb13012448f06b2c4
SHA256: FAB466E342C8311DC0C8CC6A72BDA65444CF12309AC12B90A668BA71180C66EB
File Size: 5.63 MB, 5629952 bytes
MD5: 90221f8f893b18c5980d3db30a34ca2e
SHA1: 91d6586e9497e3c8b8065e3d1e75c8f4553c2bda
SHA256: 38CA62B4C8D15957560D3A0CE76ABCE1C4D1487D37F760D57709ACB26680ED32
File Size: 3.43 MB, 3428864 bytes
MD5: 122fe96fc218f1289d8a2df02794a6dc
SHA1: 2be59c3adccbe57aff9fe66f6a0de91a188f9cee
SHA256: 8D2E3B7417FFC47850EE903D18A28A09C54AFEAC89B4F8589FF90518E5C9CDEF
File Size: 3.68 MB, 3675648 bytes
MD5: 9efb364202126d917edb5ebb9837fb08
SHA1: e09925d57130d4b0090f867ff7db62501dfb112e
SHA256: 7ED6E333FFF05DEABA1DA042B6FCB743C5FF1FB63D865EF4B53277F65EC18576
File Size: 3.22 MB, 3215360 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 882.631.7482.9104
  • 215.204.3579.4680
  • 99.88.2345.8901
  • 2.0.0.0
  • 1.0.1.0
  • 1.0.0.0
Comments
  • For internal use only by Visual Studio Marketplace and Visual Studio Code.
  • Moshi Kifurushi cha Takwimu kwa uchakataji bora wa taarifa nyingi
  • አዲስ አበባ ዳታ ማኔጀር ለከፍተኛ ዳታ እንቅስቃሴ
  • 広島データオーケストレーター — 多拠点情報のリアルタイム統合と分析に最適化された先進ツール
Company Name
  • Abufuvelamuvuj
  • Abyssa Odontogeny Group
  • Ammoniojarosite Group
  • Apojuyodapu
  • Argentini.SqlPkg
  • Borrichia Corp.
  • CatZipCs
  • Chirpiness Manufaction LLC
  • Imasoyeyidemeguzebo
  • Ka3DTool
  • Meannesses Inc.
  • Microsoft Corporation
  • Overhumanity LLC
  • Preendorsement Rel Group
  • Saip Group
  • Tournai Wrastled Ltd.
  • Ufumbuzi wa Dijitali Serengeti
  • Uncatholic Proschool Corp.
  • Uprighteous Butties Corp.
  • Uyuxigerenazif
  • VibeCheck
  • ኢትዮጵያ ቴክኖሎጂ
  • 神戸デジタル開発株式会社
File Description
  • Argentini.SqlPkg
  • Autostarter chalices polymastodont multivoiced.
  • Backwaters unmarled areolate tinselmaker confidant antipepsin preexpand.
  • CatZipCs
  • Commemorate flunkydom overgird metaphenomenon individualize hede chronogenetic.
  • Cosmologygy liberations renotifies lexiphanic tarsectopia corylus enchainement stentorophonic.
  • Daftardar emusify overfroth endymion smew downpours underboom wobbler dikerion duikerbuck.
  • Dodoma
  • Emawipovavuca Uxaciteko Udafegepocukatim Ibowecapox Alohoqivuj Imalodaruzubuherefu Ubateqe.
  • Eqikuxezit Ofexuwaxej Adirehic Eyureqadekiridazuna Ojexigen Ilejetotemunohemekosa Opebatobosorasizav.
  • Humor feigned septentrionality sphaerite polyborine rejail tin.
  • Ka3DTool
  • Knoll foresightedly raiding converting chairmanning xosa quintescence barrabkie.
  • Mayest merostome hypotoxic overflowingness.
  • Ogaxudowowuwiqih Oriqoyewibecudax Ihopebefotuzi Uhowesejuhefa.
  • Ovepakipesuj Ohikukicapam Izopudijakafuxuwemuc Epivepuke Utuqikevawana Iyodubo Adocapo Iwizeraveru Ewitapine.
  • Prerogatives unangularness uncensoriously alochia vitrage cymarose circumclude.
  • Primings anaphylactogenic kathisma cablelaid farmerish.
  • Regulares cheverons compactability anticipators wandflower magnesia.
  • VibeCheck
  • vsce-sign
  • ጎንደር
  • 高松コア
File Version
  • 882.631.7482.9104
  • 215.204.3579.4680
  • 99.88.2345.8901
  • 9.55.381.27
  • 9.5.141.4
  • 8.61.150.61
  • 7.2.853.47
  • 4.85.411.87
  • 4.85.73.14
  • 4.46.993.3
  • 4.7.208.3
  • 3.62.614.2
  • 3.27.370.48
  • 3.17.87.34
  • 2.98.617.88
  • 2.19.553.80
  • 2.0.0
  • 1.43.294.31
  • 1.43.213.71
  • 1.0.1.0
  • 1.0.0.0
Internal Name
  • Ahasajiverodigaleluw
  • Argentini.SqlPkg.dll
  • Basketwoman Craterlet
  • Befrumple Costious
  • CatZipCs.dll
  • Cowherds Disaffectedness
  • Dodoma.dll
  • Doublette Undercommander
  • Epobebucelewisucawexe
  • Honeycombing Hipping
  • Ka3DTool.dll
  • Kirn Drovers
  • Libant Holmberry
  • Mowie Thinkable
  • Obafinobayuyopuhele
  • Ovoviviparousness Joypops
  • Stiltiness Confederatize
  • Ubahipoqano
  • Vestibuling Unsufficiency
  • VibeCheck.dll
  • vsce-sign.dll
  • ጎንደር.dll
  • 高松コア.dll
Legal Copyright
  • © 2025 Abufuvelamuvuj
  • © 2025 Abyssa Odontogeny Group
  • © 2025 Ammoniojarosite Group
  • © 2025 Apojuyodapu
  • © 2025 Borrichia Corp.
  • © 2025 Chirpiness Manufaction LLC
  • © 2025 Imasoyeyidemeguzebo
  • © 2025 Meannesses Inc.
  • © 2025 Overhumanity LLC
  • © 2025 Preendorsement Rel Group
  • © 2025 Saip Group
  • © 2025 Tournai Wrastled Ltd.
  • © 2025 Uncatholic Proschool Corp.
  • © 2025 Uprighteous Butties Corp.
  • © 2025 Uyuxigerenazif
  • © Microsoft Corporation. All rights reserved.
  • © ኢትዮጵያ ቴክኖሎጂ. ሁሉም መብቶች ይጠበቃሉ. ከሲሚያን ተራሮች ተነሳ
Original Filename
  • Aladovebirekife
  • Argentini.SqlPkg.dll
  • CatZipCs.dll
  • ChondromataParado.exe
  • ConformalScabrid.exe
  • CrescentadeMicroweber.exe
  • Dodoma.dll
  • Ewimedekotofico
  • HypercyanosisAtrabilar.exe
  • Ikimedaliheyefayedipi
  • Irazaletipotepa
  • Ka3DTool.dll
  • KoffAfterhours.exe
  • PantheistsChondrocostal.exe
  • PrefacesLabilized.exe
  • RemonstranceEntourage.exe
  • SubheroBoskets.exe
  • TrigonQuerists.exe
  • TuskersInfrastructure.exe
  • VibeCheck.dll
  • vsce-sign.dll
  • ጎንደር.dll
  • 高松コア.dll
Product Name
  • Argentini.SqlPkg
  • CatZipCs
  • Ereridazoxa
  • Hoggishly Cammock
  • Hopeite Luminousness
  • Hyrax Flooding
  • Ijegakotiq
  • Ka3DTool
  • Moshi Kifurushi cha Takwimu
  • Nims Polyfoil
  • Oqonayanirutek
  • Pachisi Khadi
  • Palpebral Superaccumulate
  • Propagate Inspectorial
  • Stumbler Juncture
  • Tiltup Goosegrass
  • Unmathematically Pervading
  • Unsoothing Liquor
  • Uwasuyokaxirajawoxovi
  • VibeCheck
  • vsce-sign
  • አዲስ አበባ ዳታ ማኔጀር
  • 広島データオーケストレーター
Product Version
  • 9.55.381.27
  • 9.5.141.4
  • 8.61.150.61
  • 7.2.853.47
  • 4.85.411.87
  • 4.85.73.14
  • 4.46.993.3
  • 4.7.208.3
  • 3.62.614.2
  • 3.27.370.48
  • 3.17.87.34
  • 2.98.617.88
  • 2.19.553.80
  • 2.0.0-preview10+052711ae8c65f25221857a4673ad144d4b52e1cf
  • 1.43.294.31
  • 1.43.213.71
  • 1.0.1.0
  • 1.0.0

Digital Signatures

Signer: Microsoft Corporation | Root: Microsoft Code Signing PCA 2011 | Status: Hash Mismatch
Signer: Microsoft Corporation | Root: Microsoft Code Signing PCA 2011 | Status: Hash Mismatch

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • HighEntropy
  • No Version Info
  • VirtualAllocExNuma
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 9,084
Potentially Malicious Blocks: 11
Whitelisted Blocks: 9,066
Unknown Blocks: 7

Visual Map

(Block-classification map: data truncated on the page, not reproduced here.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DFC
  • Agent.DFCF
  • Agent.DFCG
  • Agent.DFD
  • Agent.DFDN
  • Agent.DFE
  • Agent.DFF
  • Agent.DFV
  • Agent.DFW
  • Agent.DGC
  • Agent.FGDS
  • Agent.FGDT
  • AgentTesla.P
  • AgentTesla.PA
  • Dacic.A
  • Filecoder.XI
  • Filecoder.XJ
  • HackAgent.X
  • Kryptik.OIA
  • Kryptik.OIB
  • Kryptik.YKAA
  • Kryptik.YKAB
  • Kryptik.YKAC
  • Kryptik.YKAF
  • Mikey.UB
  • Mikey.UC
  • PsDownload.A
  • Rugmi.E
  • Rugmi.EA
  • SnakeLogger.A
  • SnakeLogger.C
  • Stealer.DOA
  • XLoader.A

Registry Modifications

Key::Value: HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75
Data: (binary value data, not rendered)
API Name: RegNtPreCreateKey

Key::Value: HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75
Data: (empty)
API Name: RegNtPreCreateKey

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAncestor
  • win32u.dll!NtUserGetClassInfoEx
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadDesktop
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserGetWindowCompositionAttribute
  • win32u.dll!NtUserIsNonClientDpiScalingEnabled
  • win32u.dll!NtUserIsTopLevelWindow
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterClassExWOW
  • win32u.dll!NtUserRegisterWindowMessage

8 additional items are not displayed above.
