Trojan.MSIL.Krypt.GBMD
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 7,385 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 113 |
| First Seen: | September 8, 2022 |
| Last Seen: | November 11, 2025 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.MSIL.Krypt.GBMD |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
a382d9cf1f8fe735c146d02ccc272671
SHA1:
d0ca76cb1a2e9564545e1714975c4231ab3f562e
SHA256:
8030C3AB5CE14C4F748F6C1953816249DA1496C3D2340A74B3AE73AE3FACFDDD
File Size:
182.27 KB, 182272 bytes
|
|
MD5:
3a28c063f214220da89bf06231dba1d5
SHA1:
154d8561460ae8744b939950ecd5e34e3aa004cf
SHA256:
230A8D0E7BEA5258FDD6BFEAC8188382C9AB7DFF317B305A220C88ECCF05783C
File Size:
258.56 KB, 258560 bytes
|
|
MD5:
b912bd0c6f6619e0b716987a8816a19b
SHA1:
9e3e669843669ed0f08590ec78f99a38f07f6c8c
SHA256:
2DB8C22654EE38A934F01D594B4B4A0713E929B61C065E3D7BCFF65D57B7C7D4
File Size:
182.27 KB, 182272 bytes
|
|
MD5:
2357bea61ef046e3b400baaeaadeccfe
SHA1:
e46d4bb4c8868d0503f1bbb4ffb295e3e649deeb
SHA256:
76DF3C5D5158B5FFD0A4AB908C0835100C253B9829665FD557F42FCB7A181534
File Size:
283.14 KB, 283136 bytes
|
|
MD5:
5d570abbb8d205a73207ad0d08dad108
SHA1:
89fc848b0e44deaaa7b0675b956dada7f784497a
SHA256:
9CC7906F4CEAF7983C7C5CFA4C1630A970E7CF5636F0F97862CB0160DE166AF0
File Size:
281.60 KB, 281600 bytes
|
Show More
|
MD5:
632b4ad98cffcf268d5d3185dd3e3767
SHA1:
918a604bdbcb2e5205d18faf8b72ab27e3a76feb
SHA256:
9EEEF52B0C045FFA5CE67EB211B1B8D35C289F0A8199C073821A515B0F629205
File Size:
283.14 KB, 283136 bytes
|
|
MD5:
310bec3716ce60dce56f8b3f8cb738ca
SHA1:
820a60f173aaebcea228f15869d75cfea745fa0d
SHA256:
D235AFE80CF6C6DD763D8729DFC9F86AD477F6A70BCAD0C88E9AD23F343BD7E6
File Size:
283.65 KB, 283648 bytes
|
|
MD5:
8fae8cdcdb1c9b034e72a69490633558
SHA1:
bc1180115f718abbd05b8073b3cb986fa69d26f9
SHA256:
93A27BF171FAC9AF8953C61E7DCE35ADB644B5111238A5DEE4A0E83D14DD3A78
File Size:
282.62 KB, 282624 bytes
|
|
MD5:
1aff30bcfd9df1cf8c9cf1544bf0af2a
SHA1:
04bf9063bae3903db90b22eeb4491ae250571642
SHA256:
49AC2898194384BAABB8978949782D4E0A92ADC90549D608E1284687E95539D6
File Size:
283.14 KB, 283136 bytes
|
|
MD5:
a9dac93314f94c66bb22e5229cc567c3
SHA1:
5bbae9dad8a484c253085bb95630caa8ab5ca748
SHA256:
579B5A8134EB5CB03F5E36D34E00A8E65457CBEA4F0652FA366E5C741B94300B
File Size:
282.11 KB, 282112 bytes
|
|
MD5:
73a1886d13199f9bffb7a0983e3a7aae
SHA1:
dccd1a952a0a0a8c480ce0352a3e225c5c7c11b9
SHA256:
75223291709D946EEC93716FEC9AAA365885D530FA3E01979543184199DF79C5
File Size:
283.65 KB, 283648 bytes
|
|
MD5:
9c1bec49b886b36b2a168d23b6b6ae86
SHA1:
be6ea53414263bb48f96debe40a6a3324b841078
SHA256:
44835FF6C80DFC528974E66485DC555311F7B464D23B3CCA054BDEAA48B8EDDB
File Size:
283.14 KB, 283136 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Original Filename |
|
| Product Name |
|
| Product Version |
|
File Traits
- .NET
- Confuser
- x64
- x86
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
| Anti Debug |
|
| Encryption Used |
|
