Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Kryptik.YKAI

Trojan.Kryptik.YKAI

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,620
Threat Level: 80 % (High)
Infected Computers: 777
First Seen: July 3, 2024
Last Seen: April 20, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.YKAI
Signature status: Hash Mismatch

Known Samples

MD5: f5297b1ae4fa5a13c9988ece56c8ef51
SHA1: 1196eff2335f896743dcfee217ec09c7334126a4
SHA256: 52F2029461F7220B1CD2EC19D038717DC5F549574B4FA85B439929EBFD175A0B
File Size: 1.45 MB, 1447752 bytes
MD5: 8437b134cf170b246ddbb8069f5deaff
SHA1: 8b575120bde2a27f016f79261a36333bd4128007
SHA256: 23174DF12C98DDE6D3A3349CE1DFE4135885E6C65660EEEAF07DCB66D24CED75
File Size: 1.14 MB, 1144832 bytes
MD5: e9972ca1d40fa18f9abbf0355d0f7dce
SHA1: 721c645c76362f01af4a330179d07b41a5f83b52
SHA256: B3F99BA11D298F6E5A0B2E5B9D94E1DB15E9EB4C4193B424D94B5FF3131D1FE4
File Size: 1.16 MB, 1159168 bytes
MD5: 12112fd18accfa7d79850cf07bf0d688
SHA1: d4fcb46e51da446d9abe5daf5c991cc36fddef29
SHA256: A68FE7765B4D9A099B876FD5CEB51B063C455C54DC8F7EFD993F55DF2438107E
File Size: 1.30 MB, 1302528 bytes
MD5: 0430e849fa5b796e25ded94ef45c1ca2
SHA1: ff44b2c273538621e1b7fda487d8ae6c53663de2
SHA256: C3DBEC736582ADBC775AE07D519661E9600851E5931068C16EBD4917FE4BFF17
File Size: 1.10 MB, 1097728 bytes
Show More
MD5: a11e4fea4d904c04d9fb090e508841c2
SHA1: 57d6f29b23e1c55aa5b5d2ea89f264913905d7c1
SHA256: A7336F5390325EF7C54660403775E5F0473DE2492E94CD3291A2A916CD146964
File Size: 1.09 MB, 1086976 bytes
MD5: f1bd42e603c37b6f259c65515741f3ec
SHA1: d59d123cd800161b81c4df31bacd994238cb7df1
SHA256: 32E50F3C506F5231254C96727B99AFA50F46DFF5174A18C37C981CB5888B1411
File Size: 1.04 MB, 1042432 bytes
MD5: 5087fa7a23564c307880deb52371a29c
SHA1: 7b1d7d5442a73019577d6f4f377380ef3a92d6b7
SHA256: E0C2B42764C0C46A98EF716EE60FDF56E0D2F2BD3D354669DF975DE17C2B123B
File Size: 1.38 MB, 1384224 bytes
MD5: f893dbac869d9a90dc5783aaa4a74713
SHA1: 538e7a2cd62832c0d64e47e8c985103dabdd8a69
SHA256: 63BB34482F007AA906A7839E24881D96C55361C9C9ECE8A7A18F81544DAD9618
File Size: 1.37 MB, 1370112 bytes
MD5: 2d96d775041a8c67b889fe78638dc859
SHA1: b10d2fda4af4e6c221e696fc254e924653dadd17
SHA256: 5C0AAB22AD863B29AC669573106A273444582F80BF02E90552FACD7DEAC20AB0
File Size: 1.66 MB, 1656440 bytes
MD5: 82532cc1d9666b1d041c4b61cabf2a3e
SHA1: 49bcaa084371f17b308721bf0d0b07cfae2e3741
SHA256: 7A41FD35B8A1119BA10638BF1F7605D3B8002413B434FF1D25ABA88470E7D523
File Size: 1.04 MB, 1040896 bytes
MD5: 049d8124959d336c9e14b46889cf19ab
SHA1: 31d2750da9365a23e14711ba3395f25c2e427359
SHA256: E3462AED1F6C598636D0D81807FD1BEA7D6FDB269451DF28119F06395A27B8D7
File Size: 1.40 MB, 1402656 bytes
MD5: e1132cfea19631b88b70c0d45f37cece
SHA1: 1d62bf6dd4892bd919eb683650b55aac9ced3a20
SHA256: EA2676A3828268FD729E425D2C245468E62D27A5A3998E2215ED633418848F03
File Size: 841.22 KB, 841216 bytes
MD5: 14993667cfcf076bc3ca466717df3dcb
SHA1: c77ddb06077c7d32b2f8c1c81a211588678475c1
SHA256: 09E9365F732B237635CDC23C68B90841BEB76843DB52E341C0A4546F12FF06AE
File Size: 1.02 MB, 1020928 bytes
MD5: d70e6a67498a35f573717372ecb8a8ef
SHA1: 9b810a31076f6738fb3ea68742296aed70aaf1f4
SHA256: CE0B680952C7CF301F530BF25E52C8651ECFEF489E08BBA963A62085023E4898
File Size: 1.19 MB, 1189888 bytes
MD5: 2f45b0a04820122d89ddaf82c5ad69e1
SHA1: a8a1c0706dee11ee47344119bc77376c33398cd2
SHA256: 79DE0CFA6782A69E36219B9E76173D897BB398CD885B30818BE8F1135F243D54
File Size: 1.67 MB, 1674872 bytes
MD5: 5bd472ba7035f03a1d89b86598c7314b
SHA1: 3ae6ddf5388748112bf57429a354d7a86cba8037
SHA256: D2E10237B30E686945DE7DEEDA778E16B27C4124803B4DCB7D277E130A2976E3
File Size: 1.07 MB, 1068032 bytes
MD5: 5a08f766edb8939cbba3b86d34d0f60b
SHA1: b82c2479ca16106d0c8a3f92ce1529cf1b97e07d
SHA256: F90443D5DB104DEF6AD98DEE55948B46A6ACA80586006D52F1E0A8E91A26898D
File Size: 847.87 KB, 847872 bytes
MD5: 6f374fe68170c3f9f15ea023210cf381
SHA1: af88748b1b0f1274661f140f5b75730a26b2350a
SHA256: CCF6D57A9856D89915C079E96FEFAC27EFAF5FA25A6063A9526D1A06FB898F5E
File Size: 1.02 MB, 1021440 bytes
MD5: 49dcb9109342b3d8a03578c6906c2846
SHA1: f6fb4485a9730eeb212818013b8af0349a438cd9
SHA256: B3B3A38B51D71BFE0A3E31660766960518BAE925EC71139B8C88A4D4EF0BC35D
File Size: 850.43 KB, 850432 bytes
MD5: e97e3568ccfe50ffabcb12442f280133
SHA1: 54f286404b277c217f93ff48b65d94b816a57ce4
SHA256: 8E8BBB1AB0FC164C267ED9A4A1B8048E45EEF4D5DC350457F8A811C73669B8FD
File Size: 1.10 MB, 1103360 bytes
MD5: cb369e121f3678b7ed77cd94ee729d94
SHA1: 2c71fd5f4fcddcfca98ecb19626b500deef28634
SHA256: 26EB3955C1F4A1EF09BA857C6218A7736C6FEB62661493F626581049EF87593D
File Size: 1.22 MB, 1222656 bytes
MD5: 5fd4d9e44d2e1202ca0ff61f015cb516
SHA1: 5f164a03a434e626e196adaf7e8080f75a36e57f
SHA256: D32056D75C522D41246927ED48B600A7636CE5552483642451543B504C68E04F
File Size: 1.65 MB, 1648248 bytes
MD5: b0fb57811e8b0f5e30fd2f9e6d704fc8
SHA1: 6a1decc59cfbb391e22a40e08895aefbcd6f37b5
SHA256: 7ED64076D82E819E7F01EA166EB25E0D0CCBA87C99B2DF3ABFDFC4E250352028
File Size: 1.38 MB, 1379104 bytes
MD5: c55b88e7aaf82ac88a51536910194860
SHA1: 5cd910a58f35830164c139e540a6e52c39e09f15
SHA256: 601E4BAE95D062B67FE5B044BB15A62345BE9C604C3E426978EEAB0E95993967
File Size: 1.37 MB, 1372960 bytes
MD5: 9d9241de8c530f2c595329294a5ff216
SHA1: c5b00674e61844d41e2bd6470529c2e82a7e6140
SHA256: 80E8E0D6CC7B43EB35DAFAC37102F065395821BA40A8398AFE45859C8B725943
File Size: 1.63 MB, 1627256 bytes
MD5: 198cde3048b7b47f37dbfee10e19608f
SHA1: 8dc902dec16e52f36753c6b1665426b49237c1dd
SHA256: F79F355AF8109A49F052829D6DDDC7D7ADBF8B90F6142C920F90F16A8E27F59C
File Size: 1.08 MB, 1083392 bytes
MD5: 9cc0bcd07b2680bba9599bf31dc9501c
SHA1: fa7a59429557563aa6d017b40f39bf994b7d9ee5
SHA256: 2FA3B68B1ED1A5CCCB7D0B3D3EA283AB1D2C4865D6175CA3DC1902C38DC9F76F
File Size: 1.46 MB, 1455336 bytes
MD5: 2792d8dfa1910372c32eac1dc1e970c1
SHA1: d920b36c19d20443baaed6140faf2cdd8eb9518d
SHA256: E0C2F63F323F414F9BD40AD14D28A1B09249DC009E15591286EA45F642213861
File Size: 1.62 MB, 1619272 bytes
MD5: bfb1ebd5e6d6f1135e2942db5ebf981e
SHA1: dfdf77da140672af44e0f21ac6b1df60d91ed69b
SHA256: E6BAE952FFC7246081D3BF2159449CF985FCBF6FAE9D328E0AD55230F2CA836F
File Size: 1.09 MB, 1092608 bytes
MD5: a8d2d72c1ddcedc66ee9634371b4680d
SHA1: 5c3fd333ef75e2b0daa4fd8d18453dbd4c2ddfbb
SHA256: 384F09A86AC7448C0DD15253051A126DB27947B862B9C6B394D7C0BE14723184
File Size: 1.35 MB, 1352992 bytes
MD5: f866634a88fc2e65e29b58f3486ab12e
SHA1: 33e63ea2f9b02eead9cd79a8e51d2923a7b9ea8e
SHA256: 8711727818B3790DACA26FE741BFE5C4842D934BB080A38A62A02BD536E779C6
File Size: 1.23 MB, 1225728 bytes
MD5: 6e5c0b306e5ce8c5227d30a235d05e10
SHA1: c5542a3706f8f88335b7fe736577142e7b37e4a8
SHA256: FF702359B4D163109D78731C50C11BCC55A0A53E3E1F59A85DBBB604F96B3E38
File Size: 1.40 MB, 1401120 bytes
MD5: e6d23d4ed718274f920addb9a093da08
SHA1: c6e7ed700e1a48e3fc0d4a6cdb16827d2c0e4044
SHA256: 2645E408958ED7E477866F80B71D88E83B77C30253D5B58EC46030F814788BFE
File Size: 920.06 KB, 920064 bytes
MD5: b3991de34d22deb0a0711dd38e765f03
SHA1: 85611394df60349d201a652dae26981f7dab5cd0
SHA256: 848D10F5C52B5BF55FED1A1858106FAE9A61A6AA4D3BD46B808C0AB837DD6BDD
File Size: 1.36 MB, 1364992 bytes
MD5: 8c033c41a8390466d289f3614c828eb1
SHA1: 5b2431120a7528ca51ccffed338328f926adc383
SHA256: B24F154727C361F0AC972BB262CE3C044EA943391C93DB43A3A4BBF3A9D90DCC
File Size: 1.39 MB, 1388872 bytes
MD5: 0fde0d71144efcc1fe8859690e0b5cd6
SHA1: 3297d2402a29bc563efb258f7f6e90ea232f6e07
SHA256: F835F78CD01B64BC8896C8FBD43EC832C02A0F7A7358080D09E0802414E1B2D1
File Size: 1.34 MB, 1337344 bytes
MD5: 7b57421684aafc29179370a7798791f5
SHA1: f0e9efcb715ba499036633ce1eca7ca055f4951e
SHA256: 717CA2C5DAE747EED988F4D9E209ABD1FB5B5071A4F89FFE14B2E59A2EADA487
File Size: 1.37 MB, 1371936 bytes
MD5: 3dcccd7c09fdc39783b6188efebb4f1a
SHA1: 475e25edcf890bb13155747aeedc3cc492cdb603
SHA256: 2BC6FDA28DED0175E5A25190D640AC2E5C0C39729070FB630529B90096271E1C
File Size: 1.42 MB, 1424200 bytes
MD5: 608b80bcce3293c4abb672959287940c
SHA1: ff219a4dbeee0200642a1d13c13dfd5b0c12a61b
SHA256: 2ECB39F02F64A87B08A6EFB68BB22B8F03686770AF06F00B807B00F1FBFDC50C
File Size: 1.66 MB, 1664632 bytes
MD5: abef1d659e75ebc7350419c19ea83c3b
SHA1: 834a750bf58720f428b2180d4545e314a3ecd798
SHA256: E2762608C80B59A4C2F9C727240855656B14AFF20578B63242AD4B8563433903
File Size: 1.45 MB, 1450216 bytes
MD5: ebff9cb2c3ec8afa9d4cc08f37119f85
SHA1: 459f02f3295aa5d3dec47b5498745afcc6fb2851
SHA256: C3E2C61A192753F4E2AEE64729A7589F5A59E127CCC53B024F80E5C45E736E2B
File Size: 1.07 MB, 1073664 bytes
MD5: 58c73097e9924e9f1269d16cc9b21b38
SHA1: 9c334a55abf563585a1321ddbc00b664f36f51c1
SHA256: 60F9DD68FD1A871E0F2A8C245AB62AE9BDB358B8ED3BEF062FACA901E1ED588E
File Size: 871.94 KB, 871936 bytes
MD5: bbcdf4ff2511c0cd45f84d10508a6f54
SHA1: 42632d1d4e6a2841ff56da327001050ccce5a441
SHA256: 38E9478D4F601BB84D6BAD95008B4196721A2BFD5A58595D2061708FE7A6559D
File Size: 1.43 MB, 1434440 bytes
MD5: 6cff585f8033c595286260fd06978da4
SHA1: f36a5d84f3c279c2d244d3162fd86f4317c2d1ae
SHA256: 74546F4E5F2A8FD2DA383A7AB74A6435379A3C62925AC5A304255CF5C2F2E0F0
File Size: 1.07 MB, 1074688 bytes
MD5: bf757a7a13f824a007234b1f99cac563
SHA1: cd20b2e89f82cfc2adcca1eb9c546c5942cbe751
SHA256: 0422D38A6096096387686ADC4AC9992C414B07E298E62CABB5BDB94CC0675E3D
File Size: 1.48 MB, 1477864 bytes
MD5: 635b227fcff86437a6bf418c90753c5e
SHA1: 9968878e025770344ddc748b8422930a5b6e9979
SHA256: 5F46E4292B3D63B91C54064B3F51177D6336F5B4AD1D79AACD2FF009D4F1287D
File Size: 1.46 MB, 1455336 bytes
MD5: 3b2d4a11000e473b1960dfdad165c239
SHA1: 719cb7f955c0df508b80e8ba3f74f211bcb16ce2
SHA256: 80A0710FB581FC590F390F69426CDFD49BD251835A10FCFBE0DF00958304DEA4
File Size: 1.45 MB, 1448680 bytes
MD5: e091ef739d03ad1c74cf77caf5c1fae5
SHA1: e0d325bb7fd4f55879bbba2dd03597a183edd48a
SHA256: 9AD7E721F06391576DEA48AEC37B234ACE9B69AA7BCF881DF72B7A98C672B9F9
File Size: 1.64 MB, 1643128 bytes
MD5: 5c1a1332fe95977b856f8cb8143b15c1
SHA1: 372132180b65730225587b7cfe4962689dc30115
SHA256: 82DA2C02C02576EABF5F05CAFE290416A98C35220170E63E04FE5BB97E7CAB52
File Size: 1.12 MB, 1119232 bytes
MD5: 141103b0ed48ff309d49ba807f5292e0
SHA1: 5757d966fa9d0a313cee78748fc66dcec308a9b8
SHA256: 099A0746CF8DD85F1C5694F13B6C37E36299440A591BF744F9F19ACCF1C2BAE3
File Size: 1.33 MB, 1326080 bytes
MD5: 3504d3b52b051a9eb98248962d4d826b
SHA1: 38ad7cf912f3ec062a6e87ce2d4543facf58039d
SHA256: 5C90EABCA5EB8B2C647AA2DA7B20E217D9A95F7944284209AB23CAD55FC77042
File Size: 1.45 MB, 1447752 bytes
MD5: 2bdfee55cebfbc9a0ddf0c1325b0ffec
SHA1: fc75d6b978fa084e30770e7c1006f22b3e637bc2
SHA256: 064AACC831593F1A425F93B4D20A05E2F27C2F7FE2B4D40C94A794F24C4F577A
File Size: 1.09 MB, 1088000 bytes
MD5: 126f562617d4872840d76fb1b86e6370
SHA1: 4ce5580545802e4e6a3fa77773db2c5e78f44c0f
SHA256: 472714673552C31D39BE9C41DFCF4B24ADAD8C61616E1873E399C7504A1BE206
File Size: 1.65 MB, 1650808 bytes
MD5: b04427528aca52fd640e21a477f85bd7
SHA1: 206f655515d4d20cd23d6e84bf1698236a4ebe32
SHA256: D1A5CBC628C9E9CDC7C65020008A313D8D8DACA73EFFEE929A334FF2079A6B2E
File Size: 1.63 MB, 1632888 bytes
MD5: 12ecd6ce84b5d06aae57364dcbf4b613
SHA1: 031683950d10575717b33f258922ba8873b9f6ac
SHA256: C6A8B46ACDD9B13C2EA80A7A4C28B37AB9AD5EA1290B092D791D913625DBB5F6
File Size: 1.39 MB, 1390880 bytes
MD5: 7c7e36c2291014835be2a0a0572ee205
SHA1: cad8e2de13eb7bebd32c68290b9db06d0d9d1959
SHA256: E7058F320C4C5933A67638A310C1B01E183E142FF5A04D9E214FAD982CF1E026
File Size: 1.67 MB, 1666168 bytes
MD5: fb4dfc143f2c1546bd9ac686aa83d5d8
SHA1: afa3c774a18d27e27073ae5b8e7fb70091ab4668
SHA256: D785A9868CEBA0EA60A358E2BA5CC892265499FDBB3B6518A684E6C72CC9F0B3
File Size: 1.30 MB, 1297920 bytes
MD5: 0a80804ffa195b495f3d4c51e9d76e35
SHA1: 3db290ea4be0ef435c6795be3c6fd659cbd2560e
SHA256: 05BC20184A5802B783CCC9851643C00303290E70D3A16905C812D701337477A1
File Size: 1.40 MB, 1396512 bytes
MD5: 4aa9b22149f7dbf5a26274e9eb26d11d
SHA1: 0e4701b9f15ad274e649e24aa0b351d3707eeb27
SHA256: 618332DBB43444A3AF42056E291740CC092066C4B9D304D7781672AE8CFF06EE
File Size: 1.65 MB, 1647224 bytes
MD5: 1417ce49f22037a6925a81f929155e31
SHA1: b851bf13c6f1fccaa3b2e40649542309a4bdd1b9
SHA256: 08434DA7EB4BBEC3027F600A120219C96D51D8735E22C877A3CEF38332BC589A
File Size: 1.12 MB, 1123840 bytes
MD5: 8c12a61a4ae4ab8c80d7b8a098fef4d4
SHA1: 360ee9fa531e98c2bef9c1eecf9dddb4c15fda83
SHA256: 9746D1B97E13C8F8DB8B5C7A8B61782533B20668759982D6A15CF727ED84DB63
File Size: 1.36 MB, 1362208 bytes
MD5: 4ce07453ad2cdba900311b7a97bc6e84
SHA1: 9776b1f4ddf6907ad1885ca5234e31c037e98ba7
SHA256: C58ECC2DC2149AEA3DFD74F5EA2E6951FDD506C5938396F6BBE0B675C7491585
File Size: 1.48 MB, 1477864 bytes
MD5: 159d7e4b9050c7e61f7b2b0566d31dbe
SHA1: 14ffdc2a3c39f772eeb263bd958ff1c210226528
SHA256: 7438B70F37BE49D7D936D58DB0552F86767E0A26C3AB7E1A5E2BB15CE9E271BE
File Size: 1.66 MB, 1661560 bytes
MD5: 180a6698517ccf96717f39fe76cfe278
SHA1: 0024577bab86fb211d41bb2dccbfe68e64f8c29c
SHA256: EBC4D2B6D9A051866B3A8B66114D676ABBE8C231BFD1AB11A6244871534E08D0
File Size: 1.42 MB, 1423176 bytes
MD5: aa3781fac291b02ad26edc19d42a5a88
SHA1: deae453dc4396c9dea5c250bd9abd6963b47d71a
SHA256: 02340642EAFCC84BA8C412B94F2C46392BFB2F95197A9030EDF1E5C8C627C565
File Size: 1.62 MB, 1623160 bytes
MD5: b736b7294fb2d15bbb901bc0478fc827
SHA1: 49ffac4e0824b257b3512b97a9d2f012672a2d17
SHA256: D1783A39E7BFDB614F0BBD2A2B98C238BD9F168FB0E41A4BBB7B5AA7B29D5B0F
File Size: 1.63 MB, 1626744 bytes
MD5: 2c51a482a7efb5e7f2df404eb85075e2
SHA1: 9580ab861149e611163863a7453a823f324a9a23
SHA256: 4721D211CF017156C3102CEF93CC02A47228F0A7AA2E56DC19AF0C8DB7120222
File Size: 1.17 MB, 1172992 bytes
MD5: 88f43c546eabebf3996c0a8a3f81ea98
SHA1: 83976fd12f5ce4868a5878fe742a5f4a8e0eaad1
SHA256: A6F8B66721375DB9029DF0A059B3D660491636C564E9ACC3A9214F51FC66F7A3
File Size: 1.24 MB, 1242112 bytes
MD5: 44185428a82215d96a8b3b68a1218cca
SHA1: ce945144cba7d4fc3787fae96ca1664ce46d43c4
SHA256: AA6D477CCC18B7322C29C4FEB0FE6934F593C1B743B7C3D0CB3E17DDBE39EB1E
File Size: 1.66 MB, 1658488 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer Root Status
OpenVPN Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
VMware, Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Hugh Bailey DigiCert Trusted Root G4 Hash Mismatch
Wireshark Foundation Sectigo Public Code Signing Root R46 Hash Mismatch

File Traits

  • dll
  • fptable
  • nosig nsis
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,808
Potentially Malicious Blocks: 473
Whitelisted Blocks: 1,286
Unknown Blocks: 49

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? ? 0 ? ? ? ? ? ? ? ? x ? 0 ? ? 0 ? ? ? 0 ? ? 0 0 0 ? ? 0 0 ? 0 x x x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? x ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 1 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 ? 0 0 ? 0 ? ? x x x x x x x x x x x x x x x x x 0 0 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x 1 x x x x x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 x 1 x 1 x 1 x 1 x x 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x x ? x x ? x x x x x x x ? x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\1560809199.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1664883577.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2206154598.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3060400664.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3429634521.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3435183054.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\amyzfjqdnczeangjufudi.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\anyqnqstzgsyxvxyyyx.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bhojyxakoxkqsmxwmfwmziiu.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bpxypmnomtorxxsfcecphpel.txt Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\braopntgscmnepynqptrit.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\czduljulbmbsykwsimlyd.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\daobolyonipfgssdjeqeyf.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dthepisaawncscxpjulwlpvjko.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fdjlkoxuupdrccsgjf_zldzwyfhdzulonkg.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gcbjhxtfmlvwmvz.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\generated.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gtpbzqdhtfghawxpisiihhntjy.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hjwstfjzhpdremgzhepr.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ifcgdkdadllpdjkim.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\joxmkbeygpthwsagu.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jpzpijzmhysxfgtjnlxlx.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\khmsnswrwzawkafadgxgorgfbce.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kncmgbuqadgurqekngmac.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kvwonddaqqbuiwuzcscurzm.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ljarpiaxpoyiwhtca.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lyarpwnkgvvifqu.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mpuyfhgawnuuwbc_tqpkndoebjytheqanvn.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mvaxucsrpqvfrvlogspbnocy.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nkrzieyztvucqfpwflguxqllots.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\oacllvcnrqeptcebptbeas.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\odtdaqnjhhmrrgozgx.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ovfdsyzplqkdtulafugn.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\qphttdxlkrhasskimobmnjy.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rvhhqhvupmfjtsplntudkspea.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\scgclvmssilswabsnrgsux.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_11008.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_13018.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_15133.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_16991.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_21220.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_21408.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_25732.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_28691.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_31275.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\test_9877.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tlnakjsfbkxqwggwhpnzlah_ffupmpiwcgohimgl.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmmvfadbmuqjhgasmdlhunpqh.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uzuoubgazkejpig.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vvbllczkxvbmpnwamueovkrwis.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vydhcgwqfhhvmlvqcpdink_kvtxozsdsggljqpfkrwkjr.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\whinmmytomnaumpkfubmso.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wkufgqabsmhawrbsumvhoygq.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wwivawbvjlbrkppxyewjvbk.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xfzsmbtaretnhrbsfur.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xmaudrwzjmlgusbntucgz.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xrurtinwvuhanuksstonq_lgxekefdvlqbedtdp.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\yierhohanpanbrtwcsfrblzh.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zeygczyxotzbqdgdmfuksp.txt Generic Write,Read Attributes
c:\users\user\documents\cfjymkmdgtfodhuupl.txt Generic Write,Read Attributes
c:\users\user\documents\kzdgpcrktwbnvxcdxwabxvl.txt Generic Write,Read Attributes
c:\users\user\documents\pplhzwnkvgwgeackicjtuml.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\kmcrwomcyjlubudkcaff::dsjvis RegNtPreCreateKey
HKCU\software\aimobiyvjfdqaykokojhb::dsjvis RegNtPreCreateKey
HKCU\software\lweoiqynfcupnmvggkouvquwbp::dsjvis RegNtPreCreateKey
HKCU\software\wspzwjnpemmiebgchzbksne::kyfgiynuzcatwtgdkhfmnnpu auuvqzzxyycuylrkb RegNtPreCreateKey
HKCU\software\bifdaqxfrjagcfukng::dsjvis RegNtPreCreateKey
HKCU\software\rwmasqknxfdhnxkrk::dsjvis RegNtPreCreateKey
HKCU\software\tuxzgbbvrczggdbtsf::dqhmaqxnpotkxkvzfqxtwxkw rfrchxxvdqkfto RegNtPreCreateKey
HKCU\software\hgzhfnhkyeejuszzepzvpxjh::dsjvis RegNtPreCreateKey
HKCU\software\fckjdsgabbnsgcvarg::dsjvis RegNtPreCreateKey
HKCU\software\cpreajtrssooonfxn::dsjvis RegNtPreCreateKey
Show More
HKCU\software\marbnhurzdpukieoyqgmsogaxx::dsjvis RegNtPreCreateKey
HKCU\software\usvqlgjcugtarklefblansw::dsjvis RegNtPreCreateKey
HKCU\software\ufralfszkyfhgiqqqsh::dsjvis RegNtPreCreateKey
HKCU\software\bqptrxvgffrglhpiei::dsjvis RegNtPreCreateKey
HKCU\software\jenqypedfohfkvvrr::dsjvis RegNtPreCreateKey
HKCU\software\lrgcgkjqlgixbuqdqel::dsjvis RegNtPreCreateKey
HKCU\software\wgxmkhigtawqhgqefprzeu::dsjvis RegNtPreCreateKey
HKCU\software\isoicqnlluadvpluilfkawm::dsjvis RegNtPreCreateKey
HKCU\software\atxwhlawrfjeshbndcysjxxz::dsjvis RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
Show More
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • NtQuerySystemInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpReceiveResponse
  • WinHttpSendRequest

Trending

Most Viewed

Loading...