Trojan.MSIL.Krypt.EEJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,953
Threat Level: 80 % (High)
Infected Computers: 1,341
First Seen: July 10, 2021
Last Seen: April 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.EEJ
Signature status: No Signature

Known Samples

MD5: 74e448ae0c04e3f1df9075abe8ef403a
SHA1: b9e299533ea2c8eabdeea8858e6df5d035756211
SHA256: 19D4C958991EA11D9E0A4DEBBFC4578EE8BA5CF02B81426E75D34709553004A9
File Size: 1.02 MB, 1017304 bytes
MD5: f03d82b56be73d63d3dec0c69343e2e9
SHA1: 3092eba549fe82f1748054215bae340c868085f1
SHA256: EE0E422B28923E4C51539365EEB79A348A4F8E72027F9EC660F85165E3EC1160
File Size: 1.51 MB, 1506816 bytes
MD5: 8ecbe9a790982849ac2872e07c426df1
SHA1: 72171a5e8e1666217508dfbf75ebaae45996a206
SHA256: 9519BA89713B01BEEBC3DB81DB26DA0954536FDC214D12CB53D45BFC0294BC53
File Size: 1.46 MB, 1457664 bytes
MD5: 5134babaefa617b197b29c9f3d0b6bc5
SHA1: 9d806b6c128be6ff8a2381d53a3f98571dfcef50
SHA256: C9D810C85CC68EDBF36D474FA4E492E2D85DB4F71D597B0E3FC16CCE3200B4FA
File Size: 1.16 MB, 1163776 bytes
MD5: e6dbce900c070b0ba660818f82f8d39e
SHA1: 0f436aed8b01c7ec7c2e3d8eb62505c29f0f4402
SHA256: D47271A872283F6B74A78375074BA3163F5A450AFFD71F7200549C6B36A2CE82
File Size: 230.91 KB, 230912 bytes
MD5: 7935bd6ab2f2c8622e3c82395b31cac7
SHA1: 7ade7bafbf6aa06f01c160066cf195acee546d87
SHA256: C42EFA864B1EEA668112766E6F54267B4D3A053700829FAA7AA362645BBF709E
File Size: 135.68 KB, 135680 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 1.5.0.0
  • 1.0.1.17
  • 1.0.0.0
Comments
  • LogiCAT 4.0 - Gestione Centri di Assistenza Tecnica
  • programa para comunicação via TEF com sistema de Controle Abastecimento
Company Name
  • Expansiva Software
  • HP Inc.
  • LOGICA 2.0
File Description
  • BingoLotto
  • DCLAV - Contabilità Lavori
  • GHTRANSFERT
  • Latihan lks2
  • LogiCAT 4.0
  • TEF_Exp
File Version
  • 1.5.0.0
  • 1.00.01.17
  • 1.0.0.0
Internal Name
  • BingoLotto.exe
  • Gestione Contabilità Lavori.exe
  • GHTRANSFERT.exe
  • Latihan lks2.exe
  • LogiCAT 4.0.exe
  • TEF_Exp.exe
Legal Copyright
  • Copyright © 2009
  • Copyright © 2013
  • Copyright © 2022
  • Copyright © 2025
  • Copyright © HP Inc. 2024
Original Filename
  • BingoLotto.exe
  • Gestione Contabilità Lavori.exe
  • GHTRANSFERT.exe
  • Latihan lks2.exe
  • LogiCAT 4.0.exe
  • TEF_Exp.exe
Product Name
  • BingoLotto
  • ContabLavori
  • GHTRANSFERT
  • Latihan lks2
  • LogiCAT 4.0
  • TEF Expansiva - Frotas
Product Version
  • 1.5.0.0
  • 1.00.01.17
  • 1.0.0.0

Digital Signatures

Signer: CPS\davide.cerasoli
Root: CPS\davide.cerasoli
Status: Self Signed

File Traits

  • .NET
  • HighEntropy
  • NewLateBinding
  • x86

Block Information

Total Blocks: 248
Potentially Malicious Blocks: 45
Whitelisted Blocks: 155
Unknown Blocks: 48

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 ? ? ? ? ? x ? ? x x x x x x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? x x x x x x x 0 0 0 ? 0 0 ? x 0 0 ? 0 0 0 0 0 0 0 0 x x x x x x x x x 0 0 ? x 0 0 ? x 0 0 ? 0 0 0 ? 0 ? ? ? x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? ? ? ? x x x x 0 x x x ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? x ? ? ? ? ? x x x x x x ? x 0 x ? x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Krypt.MBDDI
  • MSIL.Krypt.YPB

Files Modified

File: \device\namedpipe\gmdasllogger
Attributes: Generic Write,Read Attributes

File: c:\windows\appcompat\programs\amcache.hve
Attributes: Read Data,Read Control,Write Data

File: c:\windows\appcompat\programs\amcache.hve
Attributes: Write Attributes

Registry Modifications

Key::Value: HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75
API Name: RegNtPreCreateKey

Key::Value: HKLM\system\software\microsoft\tip\aggregateresults::data
Data: 隞̃䬁耀꧌С>
API Name: RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Keyboard Access
  • GetKeyState
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 840