Trojan.MSIL.Krypt.GDTB
Analysis Report
General information
| Family Name: | Trojan.MSIL.Krypt.GDTB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 115 |
|---|---|
| Potentially Malicious Blocks: | 70 |
| Whitelisted Blocks: | 45 |
| Unknown Blocks: | 0 |
Visual Map
[Figure: per-block classification map]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Krypt.GDTB
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |