Trojan.MSIL.Krypt.GDTA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.GDTA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • .NET
  • No Version Info
  • x86

Block Information

Total Blocks: 35
Potentially Malicious Blocks: 19
Whitelisted Blocks: 16
Unknown Blocks: 0

Visual Map

0 0 x x x x x x x x x x x 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x 0 x 0 x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Krypt.GDTA

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
