Trojan.MSIL.Krypt.YAGC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,631
Threat Level: 80 % (High)
Infected Computers: 114
First Seen: April 11, 2023
Last Seen: November 26, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.YAGC
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 214.176.232.250
  • 175.247.168.48
  • 149.190.216.3
  • 115.151.19.250
  • 1.0.0.0
  • 0.0.0.0
Company Name
  • CorelDRAW
  • DaVinci Resolve
  • KeePass Upgrade
  • PuTTY
  • Voicemod Inc., Sucursal en España
File Description
  • 7-Zip
  • Client
  • GIMP (GNU Image Manipulation Program)
  • Microsoft Word
  • PuTTY
  • Voicemod Setup
File Version
  • 132.125.166.87
  • 92.202.65.129
  • 54.120.160.214
  • 26.130.70.216
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • Blender.exe
  • Client.exe
  • FileZilla.exe
  • KeePass Upgrade.exe
  • Sage 50.exe
Legal Copyright
  • Copyright © 2022
  • Microsoft Edge DevTools
  • Microsoft Project
  • Microsoft Visio Host
  • Notepad++
  • © 2025 Voicemod Inc., Sucursal en España - Version 1.5.2
Legal Trademarks
  • Adobe Photoshop Upgrade
  • Google Drive
  • Trello
  • Wireshark
Original Filename
  • Blender.exe
  • Client.exe
  • FileZilla.exe
  • KeePass Upgrade.exe
  • Sage 50.exe
Product Name
  • Avast Antivirus Upgrade
  • Client
  • Corel Painter
  • QuickBooks Upgrade
  • Voicemod
  • Wireshark Host
Product Version
  • 214.176.232.250
  • 175.247.168.48
  • 149.190.216.3
  • 115.151.19.250
  • 1.0.0.0
  • 0.0.0.0

Digital Signatures

Signer | Root | Status
VOICEMOD, INC. SUCURSAL EN ESPAÑA | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
win.rar GmbH | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch

File Traits

  • .NET
  • Installer Version
  • x86

Block Information

Total Blocks: 2,773
Potentially Malicious Blocks: 2,436
Whitelisted Blocks: 5
Unknown Blocks: 332

Similar Families

  • MSIL.Jalapeno.J
  • MSIL.Jalapeno.L
  • MSIL.Krypt.YAGC
  • MSIL.Krypt.YAGD

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Other Suspicious
  • AdjustTokenPrivileges
