Trojan.MSIL.Kryptik.PE
Analysis Report
General information
| Family Name: | Trojan.MSIL.Kryptik.PE |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 3 |
|---|---|
| Potentially Malicious Blocks: | 3 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Visual Map
x x x
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Kryptik.PE
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |