
Trojan.MSIL.Krypt.MBJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,842
Threat Level: 80 % (High)
Infected Computers: 1,369
First Seen: May 18, 2021
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.MBJ
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 2.0.8.0
  • 1.3.1.0
  • 1.3.0.0
  • 1.2.0.0
  • 1.1.1.0
  • 1.0.2.0
  • 1.0.0.0
Comments
  • AutoUpdater used in installing Updater
  • JungleLeopard
  • Launcher oficial do servidor Rust Family
  • LCD-CS
Company Name
  • chuwi
  • DARKFLASH INFOTECH CO., LTD.
  • Rust Family
File Description
  • Acer DT
  • AutoUpdaterPlay
  • darkFlash DN-S
  • Digital Tube Control
  • DT Control
  • JungleLeopard
  • LHCUploaderWinForms
  • MARS GAMING
  • ModeNotify
  • Rust Family
  • VAG_PDC_EEprom_Repair
File Version
  • 2.0.8
  • 1.3.1.0
  • 1.3.0.0
  • 1.2.0.0
  • 1.1.12.0
  • 1.1.1.0
  • 1.0.2.0
  • 1.0.0.0
Internal Name
  • DN-S.exe
  • JungleLeopard.exe
  • LCD-CS.exe
  • LHCUploaderWinForms.exe
  • ModeNotify.exe
  • Rust Family.exe
  • UpdaterPlay.exe
  • VAG_PDC_EEprom_Repair.exe
Legal Copyright
  • Copyright © 2024
  • Copyright © 2024 DARKFLASH
  • Copyright © 2025
  • Copyright © chuwi 2023
  • Copyright © Hussin-Mahmoud 2024
  • © 2026 Rust Family. Todos os direitos reservados.
Original Filename
  • DN-S.exe
  • JungleLeopard.exe
  • LCD-CS.exe
  • LHCUploaderWinForms.exe
  • ModeNotify.exe
  • Rust Family.exe
  • UpdaterPlay.exe
  • VAG_PDC_EEprom_Repair.exe
Product Name
  • Acer DT
  • darkFlash DN-S
  • Digital Tube Control
  • DT Control
  • Hussin-Mahmoud
  • JungleLeopard
  • LHCUploaderWinForms
  • MARS GAMING
  • ModeNotify
  • Rust Family
  • Rust Family Launcher
  • VAG_PDC_EEprom_Repair
Product Version
  • 2.0.8
  • 1.3.1.0
  • 1.3.0.0
  • 1.2.0.0
  • 1.1.12.0
  • 1.1.1.0
  • 1.0.2.0
  • 1.0.0.0
  • 1.0.0

File Traits

  • .NET
  • Agile.net
  • Confuser
  • Fody
  • HighEntropy
  • Installer Version
  • ntdll
  • VirtualQueryEx
  • x64
  • x86

Block Information

Total Blocks: 644
Potentially Malicious Blocks: 11
Whitelisted Blocks: 200
Unknown Blocks: 433

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data (non-printable binary value) RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtSuspendThread
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx

9 additional items are not displayed above.

User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe dw20.exe -x -s 724
