Trojan.MSIL.Krypt.EEBD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,492
Threat Level: 80 % (High)
Infected Computers: 2,018
First Seen: July 10, 2021
Last Seen: April 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.EEBD
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2024.2.25.1
  • 2022.0.8418.34293
  • 4.0.0.0
  • 3.3.1.0
  • 3.1.0.0
  • 2.8.0.0
  • 2.0.0.7
  • 1.0.31.2602
  • 1.0.0.0
Comments
  • Aplicación para el manejo de dinero en efectivo y TITOs.
  • Aplicación para trabajar con Recomendaciones Técnicas en el escritorio y colaborativamente - Ecopetrol GRB
  • Create volumes for Comics
  • CryptoCrack is free software that is designed to solve classical ciphers which were used before the second world war. It can solve over 60 different classical cipher types, in many cases without knowing any plaintext or the key length, and in 15 different languages.
  • Open source graphical interface for SQLite databases. www.macs-site.net/sqlite
Company Name
  • Diagnostic Associates Ltd
  • Ecopetrol
  • LukasSoft!
  • Microsoft
  • Thomas Greg & Sons
  • Thomas Greg & Sons LTDA
  • www.macs-site.net/sqlite
File Description
  • Casino Softcount System
  • CreateManga
  • CryptoCrack
  • DA App Hub
  • NSC_Analyse-Programm
  • RT App
  • SAHEMPMR
  • SQLite Editor
  • TGS.AM.ControlePresenca.WinUI
  • TGS.ES.CPT.WinUI
File Version
  • 2024.02.25.1
  • 4.0.0.0
  • 3.1.0.0
  • 2.8.0
  • 2.0.0.7
  • 1.0.31.2602
  • 1.0.0.0
Internal Name
  • CasinoSoftcountSystem.exe
  • CreateManga.exe
  • CryptoCrack.exe
  • DAFirmwareUpdateApp.exe
  • NSC_Analyse-Programm.exe
  • RTApp.exe
  • SAHEMPMR.exe
  • SQLite Editor.exe
  • TGS.AL.ControlePresencaPratica.WinUI.exe
  • TGS.ES.CPT.WinUI.exe
Legal Copyright
  • Copyright © 2009
  • Copyright © 2015
  • Copyright © 2022
  • Copyright © 2023
  • Copyright © 2024
  • Copyright © 2025 Phil Pilcrow
  • Copyright © from 2016
  • Copyright © Microsoft 2019
  • Copyright © Thomas Greg & Sons LTDA
Legal Trademarks
  • LukasSoft!
Original Filename
  • CasinoSoftcountSystem.exe
  • CreateManga.exe
  • CryptoCrack.exe
  • DAFirmwareUpdateApp.exe
  • NSC_Analyse-Programm.exe
  • RTApp.exe
  • SAHEMPMR.exe
  • SQLite Editor.exe
  • TGS.AL.ControlePresencaPratica.WinUI.exe
  • TGS.ES.CPT.WinUI.exe
Product Name
  • Casino Softcount System
  • Controle de Presença de Teoria
  • CreateManga
  • CryptoCrack
  • DA App Hub
  • NSC_Analyse-Programm
  • RTApp
  • SAHEMPMR
  • SQLite Editor
  • TGS.AM.ControlePresenca.WinUI
Product Version
  • 2024.02.25.1
  • 4.0.0.0
  • 3.1.0.0
  • 2.8.0
  • 2.0.0.7
  • 1.0.31.2602
  • 1.0.0.0

Digital Signatures

Signer | Root | Status
For Ecopetrol | For Ecopetrol | Self Signed
Phil_Pilcrow | Phil_Pilcrow | Self Signed

File Traits

  • .NET
  • HighEntropy
  • x64
  • x86

Block Information

Total Blocks: 117
Potentially Malicious Blocks: 7
Whitelisted Blocks: 46
Unknown Blocks: 64

Visual Map

0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? x 0 x 0 0 ? ? ? 0 ? ? ? 0 x 0 0 ? ? 0 0 0 ? 0 ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 x x ? x 0 0 ? 0 0 0 ? 0 0 ? ? ? x 0 0 ? ? ? ? 0 0 0 0 0 0 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
