Trojan.MSIL.Krypt.EEEKC

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Krypt.EEEKC
Signature status:	No Signature

Known Samples

MD5: e5fe5767a8e2638b466eeb4e76be1085

SHA1: d5e327b01664de214fb8fda501681b2d20bba9be

SHA256: A334EE89CA8ECF18C0E9458D034B075566E3FF62B1AF431E58F3EABAF1AC53EA

File Size: 9.92 MB, 9923584 bytes

MD5: 1ceda9e93ef9f5b869570460388f3943

SHA1: 2e3df366fbeae9b1742a243baf838b1b56b74e60

SHA256: 2C5A8663BFF6A964370C10C243ED07EB963D538B29BCA00DE3046F69C328A9F7

File Size: 9.90 MB, 9904128 bytes

MD5: a3088679c25ad4801c41f104b757c9fe

SHA1: 04aad2e7dac317ac2d946fef20969de836fb66f2

SHA256: 469FE97495FD1EE1E7F1305D5F9437F69307937AD2C5547BCAA95DC7EA297687

File Size: 9.76 MB, 9761280 bytes

MD5: 4003f542986e03bd137a03ef3afe45b6

SHA1: fd55aa0189b321e485f67e3639703d1f829ed12d

SHA256: F68C7B5DB79FE458E5491040D1074B1121570E5951F22D5C655661941150B983

File Size: 9.76 MB, 9761280 bytes

MD5: 8671b41efdd952112a386fe2d4aee972

SHA1: 7f3d19e3992554fa39082b21eb4b02870758d513

SHA256: 19888DC02C8E96375BBB656477AA19F97BBEB926A0CEA1CC4D582EA9CCD83E1C

File Size: 9.91 MB, 9908736 bytes

MD5: 6e3a24a6ad18efec6b48ba47a1bea659

SHA1: 03f3da41c13d5e65bffe631ea901ee886fff238d

SHA256: DD86A3E996B53B952E35477B7980929B1C43C42EFEC0EADC618115A22FFB86DC

File Size: 9.68 MB, 9682944 bytes

MD5: 2ece51ad92bc05c4ff5cd87ecfd5b5dd

SHA1: 2cc060736f9e93fe6a9d120643a62d21a28c2cb9

SHA256: FEE1C89111C57655D8A1CEE314B41BF6493E7D410F71932A57C894AD52D4A8CA

File Size: 9.76 MB, 9756672 bytes

MD5: dff16e6eb76f975233537e64647db18b

SHA1: 8689377b0d93b3f6b6aa0163b368a4a472c0803b

SHA256: D4BCE3E48CF3BD52A3910764AC6CA0A724ED6C54830BBF0266632395F997C7D8

File Size: 9.93 MB, 9926656 bytes

MD5: 810eb14cd0761911d7d9ae1969ac2967

SHA1: ddee7cba971364fd7fbfa9357d2f876eff4cc39a

SHA256: E755E343EB24FF4BA7AA775FA7D4A086652923A84AA0717C9705AC05F5AD3140

File Size: 9.76 MB, 9762304 bytes

MD5: a7ebace9f0bd629ffc962b98bff1b508

SHA1: 1f4eacf8f6db45f969f277b750a2594451faa96d

SHA256: 491A2D706255E6F1B65D86B518ADEFF04219491989F45F1F95455E9AD7388FE5

File Size: 9.75 MB, 9751040 bytes

MD5: 2f5efbcf10af106c453d69dcac11fd03

SHA1: 40a0e03a3172ffc2b098e14b15e2934a015f1e88

SHA256: 29F810C464152E0A83893E345E83C1C03B51A58602E689F73B5591AA417F002D

File Size: 9.87 MB, 9870336 bytes

MD5: 85cc45c569da26792fffe452e4e078f1

SHA1: 67e4f342387daeb8d0e66d853a804781e5da55c6

SHA256: 9C305781DCDA410DB3CB0F6E8A51F64A22E8F0A8E51C5BD4FC7D9E9D451D7F69

File Size: 9.93 MB, 9930752 bytes

MD5: d32459b2d551c1749f3dab242e72177f

SHA1: c0c2a815b83b2acf0185476128b54f15b26a671c

SHA256: 11C23AA4C54CA3A005656BB106509643E368198F2E93DD7D1402AFC01CBA1A8C

File Size: 9.47 MB, 9469440 bytes

MD5: 85e55f2b52438527836fea7e5317493d

SHA1: 4ddc7b7969ca4074c76bbfcf9927d0334d154631

SHA256: 48CE35EA766F2547D45039F74EDCAB95BFDEA5F9E1E048DBBF98EBB667D3E87A

File Size: 9.49 MB, 9488896 bytes

MD5: ed91ee57642f44cebaea8d2cfa96627b

SHA1: 36b95414dbdac7bdd476862aa7c367ff073e5eb4

SHA256: A7385766D57FD6A6AAE9FE785DF2E23D250D6E581836C779B01CEB7563DD01F7

File Size: 9.47 MB, 9469440 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
File Description	artistique courant evidence Fehler have lugar organisé participants performant project Show More resolver technical word
File Version	1.0.0.0
Internal Name	CrashRpt1403.dll WindowsCodecs.dll
Legal Copyright	Copyright © 2023
Original Filename	CrashRpt1403.dll WindowsCodecs.dll
Product Name	dete
Product Version	1.0.0.0

File Traits

.NET
dll
HighEntropy
x64
x86

Block Information

Total Blocks:	289
Potentially Malicious Blocks:	140
Whitelisted Blocks:	147
Unknown Blocks:	2

Visual Map

0 x 0 x 0 x 0 x 0 x 0 x 0 ? 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 ? 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x x x 0 x 0 x 0 x 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Bulz.SH

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory Show More ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2e3df366fbeae9b1742a243baf838b1b56b74e60_0009904128.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\04aad2e7dac317ac2d946fef20969de836fb66f2_0009761280.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fd55aa0189b321e485f67e3639703d1f829ed12d_0009761280.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7f3d19e3992554fa39082b21eb4b02870758d513_0009908736.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\03f3da41c13d5e65bffe631ea901ee886fff238d_0009682944.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2cc060736f9e93fe6a9d120643a62d21a28c2cb9_0009756672.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8689377b0d93b3f6b6aa0163b368a4a472c0803b_0009926656.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1f4eacf8f6db45f969f277b750a2594451faa96d_0009751040.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\40a0e03a3172ffc2b098e14b15e2934a015f1e88_0009870336.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\67e4f342387daeb8d0e66d853a804781e5da55c6_0009930752.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c0c2a815b83b2acf0185476128b54f15b26a671c_0009469440.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4ddc7b7969ca4074c76bbfcf9927d0334d154631_0009488896.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\36b95414dbdac7bdd476862aa7c367ff073e5eb4_0009469440.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Krypt.EEEKC

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Perseus Banking Malware

Uragan Ransomware

ValidVersion.app

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen