Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Krypt.JADA

Trojan.MSIL.Krypt.JADA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 18,220
Threat Level: 80 % (High)
Infected Computers: 15
First Seen: October 21, 2023
Last Seen: October 5, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.JADA
Signature status: No Signature

Known Samples

MD5: f32b07af3232e697871a82b5809e9f29
SHA1: 12c6895fd40181260077e60069e5b93def9baa65
SHA256: BCB0CDE1C99055BAB5F1948CA6884688DF13653EDD6B22AF15F85E2FE41670F3
File Size: 4.57 MB, 4568152 bytes
MD5: bd6af96dd51cae22f3724ee844d8594b
SHA1: 4d1d0dec7e370001b9c746124cfa27c4bb34e7cd
SHA256: 38CCFF995B666CA2B366271C6FC4194927FD6EADB220AD84DE9420F6C1F0AA1F
File Size: 545.28 KB, 545280 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.0.121.101
Comments A Relogger for Honorbuddy
Company Name YoYo Games Ltd.
File Description
  • ARelog
  • Installer for GameMaker Studio Remote Worker
File Version
  • 23.1.1.146
  • 1.0.121.101
Internal Name ARelog.exe
Legal Copyright (C) 2018 YoYo Games Ltd.
Original Filename ARelog.exe
Product Name
  • ARelog
  • GameMaker Studio Remote Worker
Product Version
  • 23.1.1.146
  • 1.0.121.101

Digital Signatures

Signer Root Status
YoYo Games Ltd. Symantec Class 3 SHA256 Code Signing CA Self Signed

File Traits

  • .NET
  • HighEntropy
  • RijndaelManaged
  • SmartAssembly
  • x86

Block Information

Total Blocks: 1,478
Potentially Malicious Blocks: 7
Whitelisted Blocks: 1,096
Unknown Blocks: 375

Visual Map

0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? 0 0 0 ? ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? ? ? 0 ? 0 0 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? x 0 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? ? 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? x 0 0 ? ? ? ? 0 ? 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 ? 0 x ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 x ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\d\ugxhdgzvcm06ic5orvqgnc4wigluc3rhbgxlza==.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\d\ugxhdgzvcm06ifdpbmrvd3mgoa==.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\d\ugxhdgzvcm0gq1bvienvcmvzoiay.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\d\ugxhdgzvcm0gq3vsdhvyzsboyw1loiblbi1vuw==.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\d\ugxhdgzvcm0gt1mgqml0bmvzczognjq=.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\assemfiles\e4daa5d5\usages.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\identity.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\isolatedstorage\achoy5gw.frd\mrxe22t0.mvy\strongname.mettjqp1jj3mkpwzfnxc30xiyfyxtd45\info.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb9b3b.tmp\advsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb9b3b.tmp\modern-header.bmp Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nsb9b3b.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\spltmp.bmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams

Trending

Most Viewed

Loading...