Trojan.MSIL.Krypt.TADE

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 7,303
Threat Level: 80 % (High)
Infected Computers: 1,176
First Seen: June 25, 2022
Last Seen: February 27, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.TADE
Signature status: Self Signed

Known Samples

MD5: e2a68cb77db629c85a18bccf8737e63c
SHA1: 811d08e0e87081fc681f8512dbb21338e19b2204
File Size: 1.59 MB, 1594752 bytes

MD5: c4c2dcc74a8b90e25d215a29d7d34ecf
SHA1: 7fe6cd07e117bf68110bba19266db0f11f81cd23
SHA256: 3561265BB7B553E74DD5D953E5033C856F2FA343A3FB70C4761C7394921F9686
File Size: 4.11 MB, 4114848 bytes

MD5: c7958a59188ca6f22e17e4c89be47dba
SHA1: 8963c945288614179bb2a1d56e3a0f391cdcb64c
SHA256: 3649553AF2A48883C758F8EE406F8A85CE1BEC408CE496BE2DFAC790D7E34046
File Size: 4.08 MB, 4080480 bytes

MD5: 1d29d7acd13b85d58e184aa9d23cbdad
SHA1: 00e692b1a13614835a77a4f346576e102123318e
SHA256: 8B962BC860EE438EB5DB318C24DEB1C5FFE193FD9BAE1F0DA600D39C3AEFC7F3
File Size: 1.07 MB, 1072640 bytes

Windows Portable Executable Attributes

This list is a union over the listed samples, which is why it contains mutually exclusive entries (".NET application" and "Native application (NOT .NET application)"): they describe different files, not one file.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
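The attributes above are all readable from the PE headers without running the file. The following script is an added example (not code from the page or the scanner that produced it): it parses the DOS, COFF and optional headers with the standard library only, reports the same attributes (Rich header, debug/export/relocation/security directories, CLR header for .NET, bitness, subsystem, DLL flag), and compares the file's MD5/SHA1/SHA256 against the Known Samples listed above. The `build_synthetic_pe` helper is a constructed, non-runnable header-only image used so the script runs offline; the Rich-header check is a heuristic (presence of the "Rich" marker in the DOS stub), not a full checksum validation.

```python
"""Stdlib-only PE triage: derive the header attributes listed in this report
and check a file's hashes against the report's known samples (added example)."""
import hashlib
import struct

# Digests copied from the Known Samples list above, lower-cased.
KNOWN_SAMPLES = {
    "md5": {"e2a68cb77db629c85a18bccf8737e63c", "c4c2dcc74a8b90e25d215a29d7d34ecf",
            "c7958a59188ca6f22e17e4c89be47dba", "1d29d7acd13b85d58e184aa9d23cbdad"},
    "sha1": {"811d08e0e87081fc681f8512dbb21338e19b2204", "7fe6cd07e117bf68110bba19266db0f11f81cd23",
             "8963c945288614179bb2a1d56e3a0f391cdcb64c", "00e692b1a13614835a77a4f346576e102123318e"},
    "sha256": {"3561265bb7b553e74dd5d953e5033c856f2fa343a3fb70c4761c7394921f9686",
               "3649553af2a48883c758f8ee406f8a85ce1bec408ce496be2dfac790d7e34046",
               "8b962bc860ee438eb5db318c24deb1c5ffe193fd9bae1f0da600d39c3aefc7f3"},
}

# Constants from the PE/COFF specification.
IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DLL = 0x0002, 0x2000
MACHINE_BITS = {0x14C: 32, 0x8664: 64}          # I386, AMD64
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_CLR = 0, 4, 5, 6, 14


def pe_attributes(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers and report the attributes the page lists."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                        # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset for PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def has_dir(index: int) -> bool:
        # A data directory is present when both its RVA and size are non-zero.
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, dirs_off + 8 * index)
        return rva != 0 and size != 0

    return {
        "rich_header": b"Rich" in data[0x40:e_lfanew],   # heuristic: marker sits in the DOS stub
        "debug_info": has_dir(DIR_DEBUG),
        "exports": has_dir(DIR_EXPORT),
        "relocations": has_dir(DIR_BASERELOC),
        "security_info": has_dir(DIR_SECURITY),          # Authenticode certificate table
        "dotnet": has_dir(DIR_CLR),                      # CLR header present => managed (MSIL)
        "bits": MACHINE_BITS.get(machine),
        "subsystem": SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def match_known_hashes(data: bytes) -> list:
    """Return (algorithm, digest) pairs that match a sample from this report."""
    hits = []
    for algo, digests in KNOWN_SAMPLES.items():
        digest = hashlib.new(algo, data).hexdigest()
        if digest in digests:
            hits.append((algo, digest))
    return hits


def build_synthetic_pe(dotnet: bool, dll: bool = False, rich: bool = False) -> bytes:
    """Constructed, non-runnable PE32 image with just enough headers to exercise the parser."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x50:0x54] = b"Rich"
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)
    opt = bytearray(224)                       # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 2)         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x2008, 0x48)  # CLR header RVA/size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_synthetic_pe(dotnet=True)
    for key, value in pe_attributes(sample).items():
        print(f"{key:17} {value}")
    print("known-sample hits:", match_known_hashes(sample))
```

To triage a real file, pass `open(path, "rb").read()` to both functions. A hit in `match_known_hashes` is a direct IOC match; a non-hit with `dotnet=True`, no Rich header, no relocations and no security directory matches the profile above but is not by itself evidence of this family, since unsigned SmartAssembly-protected .NET binaries share that shape.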

Windows PE Version Information

Name Value
Assembly Version
  • 19.162.241.1
  • 2.0.0.8
Comments
  • Selects the database location for Advisors Assistant.
  • TECHKON Device Server Application - Enables TCP/IP Connection for TECHKON devices
Company Name
  • Client Marketing Systems, Inc.
  • TECHKON GmbH
  • YoYo Games Ltd.
File Description
  • Advisors Assistant Database Connection Utility
  • Installer for GameMaker Studio Remote Worker
  • TECHKON Device Server Application
File Version
  • 19.162.241.1
  • 2.2.2.326
  • 2.2.0.258
  • 2.0.0.8
Internal Name
  • AAConfig.exe
  • TDServerApp.exe
Legal Copyright
  • (C) 2018 YoYo Games Ltd.
  • Copyright © 2016 Client Marketing Systems, Inc.
  • Copyright © TECHKON GmbH 2007-2013
Legal Trademarks
  • Advisors Assistant®
Original Filename
  • AAConfig.exe
  • TDServerApp.exe
Product Name
  • Advisors Assistant Database Connection Utility
  • GameMaker Studio Remote Worker
  • TECHKON Device Server Application
Product Version
  • 19.162.241.1
  • 2.2.2.326
  • 2.2.0.258
  • 2.0.0.8

Digital Signatures

Signer | Root | Status
Advisors Assistant Holdings Inc | Advisors Assistant Holdings Inc | Self Signed
YoYo Games Ltd. | Symantec Class 3 SHA256 Code Signing CA | Self Signed

The Status column is the scanner's verdict as reported, not an independent chain verification. Before treating a sample as legitimately signed, verify the chain yourself (for example with signtool verify /pa or Get-AuthenticodeSignature on Windows) and compare the signer against the publisher named in the version information.

File Traits

  • .NET
  • HighEntropy
  • RijndaelManaged
  • SmartAssembly
  • x86

Block Information

Total Blocks: 377
Potentially Malicious Blocks: 7
Whitelisted Blocks: 318
Unknown Blocks: 52

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 ? ? ? 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

Path | Attributes
c:\users\user\appdata\local\temp\nslbd4b.tmp\advsplash.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4b.tmp\modern-header.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4b.tmp\modern-wizard.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvf0d5.tmp\advsplash.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvf0d5.tmp\modern-header.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvf0d5.tmp\modern-wizard.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\spltmp.bmp | Generic Write,Read Attributes
c:\users\user\downloads\advisorsassistant.exe.config | Generic Write,Read Attributes

The ns*.tmp directories under %TEMP%, together with advsplash.dll (the NSIS AdvSplash plugin) and the modern-header.bmp / modern-wizard.bmp Modern UI images, are the staging files an NSIS installer extracts at run time; they indicate that at least one sample is an NSIS-packaged installer rather than artifacts specific to this family.

Windows API Usage

Category API
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Keyboard Access
  • GetKeyState
Network Winsock2
  • WSASocket
  • WSAStartup
Network Winsock
  • bind
  • closesocket
  • setsockopt
