Trojan.MSIL.Krypt.GBFJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 5,556
Threat Level: 80 % (High)
Infected Computers: 11,131
First Seen: November 16, 2021
Last Seen: January 12, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.GBFJ
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version: 1.0.0.0
Company Name: CORE
File Description
  • Screenpresso v2.x Keygen
  • Windows
File Version
  • 1.00
  • 1.0.0.0
Internal Name
  • adsrt.exe
  • cr-keygen.exe
  • loader.exe
  • TJprojMain
Legal Copyright
  • Copyright © 2024
  • Copyright © CORE 2024
Original Filename
  • adsrt.exe
  • cr-keygen.exe
  • loader.exe
  • TJprojMain.exe
Product Name
  • Project1
  • Screenpresso v2.x Keygen
  • Windows
Product Version
  • 1.00
  • 1.0.0.0

File Traits

  • .NET
  • 2+ executable sections
  • Confuser
  • HighEntropy
  • ntdll
  • RijndaelManaged
  • x86

Windows API Usage

Category API
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Winsock2
  • WSASocket
  • WSAStartup
Network Winsock
  • closesocket
  • gethostname
  • setsockopt
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Other Suspicious
  • SetWindowsHookEx
