Trojan.MSIL.Krypt.YAEC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	8,559
Threat Level:	80 % (High)
Infected Computers:	182

First Seen:	November 27, 2023
Last Seen:	February 12, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Krypt.YAEC
Signature status:	No Signature

Known Samples

MD5: 88bf3cad5ae75bb386c50f8ea41f5a37

SHA1: 632345c54a2c7f50586b60093efe312d55d40b9a

SHA256: 5D8B07A46E7166839837669B1E44E6DC860B7D30530321E536084AB6C57FF65C

File Size: 892.42 KB, 892416 bytes

MD5: 9e30a21810c95187dc1ab9d80955917d

SHA1: 22da5c1a0a64a630c3f6f27613d5d83727eaca18

SHA256: 0C2F7E9D599CEF7238A6148F37D6243F36CD746CA8AC09DE87144B6DC07512E5

File Size: 6.42 MB, 6423552 bytes

MD5: 8c84d6b92617c7ebf98c93e253b23057

SHA1: 54ebaec5420a004e5078a9f7c4a952c62069de9d

SHA256: 0842EE6CEDEF0922D60F6543F423CEDAA29F1A74727052178AE0A038508F7AE6

File Size: 8.49 MB, 8489472 bytes

MD5: 802bb86bcb7be71e92c60d4260dbc099

SHA1: f47afdfab138b3a75a41f2f57062f37399df1fee

SHA256: CAE8190D14902F28C09083BC14C0FD032779FB144F2EDBD8F182FF7C8EE66E1B

File Size: 87.04 KB, 87040 bytes

MD5: 1201619f1922038447f0ba7592438274

SHA1: 0cb312b0ee7e1eafdf82c88700b28e4da7d41859

SHA256: 39D0B8E7C4B62E9F9F0094EDA6BBCFBA29B590F584841C7EC1DB281C01268664

File Size: 571.00 KB, 571004 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	2.1.1.265 1.1.1.0 1.0.0.0
Comments	Regedit HeadTrick OB50
Company Name	Systweak XerifeDev
File Description	RabidCleaner Regedit HeadTrick OB50 Setting Game v 1.0 SystweakDataRecovery
File Version	2.1.1.265 1.1.1.0 1.00 1.0.0.0
Internal Name	Launcher.exe RabidCleaner.exe Regedit 0b50.exe SystweakDataRecovery.exe TJprojMain
Legal Copyright	Copyright XerifeDev © 2025 Copyright © 2024 Copyright © 2025 Copyright © 2025 Systweak Software, All Rights Reserved.
Original Filename	Launcher.exe RabidCleaner.exe Regedit 0b50.exe SystweakDataRecovery.exe TJprojMain.exe
Product Name	Project1 RabidCleaner Regedit HeadTrick OB50 Setting Game v 1.0 Systweak Data Recovery
Product Version	2.1.1.265 1.1.1.0 1.00 1.0.0.0

File Traits

.NET
2+ executable sections
Goliath
HighEntropy
Reactor
RijndaelManaged
Run
SmartAssembly
x64
x86

Yano
ZYXDN

Files Modified

File	Attributes
c:\users\user\appdata\roaming\systweak\systweak data recovery\systweakdatarecovery.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\systweak\systweak data recovery\systweakdatarecovery.txt	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\systweak\systweak data recovery::autoscan	1	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::autoupdate	1	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::autolaunch	1	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::scancompressedfile	1	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::exitonclose	1	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::langpref	3	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::autosendlogs	0	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::autotraynags	0	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::promonags	0	RegNtPreCreateKey
HKCU\software\systweak\systweak data recovery::autoupdateweekly	0	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket Show More ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetValueKey ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent
Network Winsock2	WSASocket WSAStartup
Network Winsock	closesocket setsockopt
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Krypt.YAEC

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Cruiseocean1.xyz

PUP.GameHack.IA

Trojan.Virut.IC

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen