Trojan.MSIL.Krypt.YDA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,438
Threat Level: 80% (High)
Infected Computers: 156
First Seen: April 23, 2021
Last Seen: December 5, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Krypt.YDA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Assembly Version: 1.0.0.0
File Description: SMC TEAM
File Version:
  • 1.00
  • 1.0.0.0
Internal Name:
  • TJprojMain
  • Universal Loader.exe
Legal Copyright: Copyright © 2024
Original Filename:
  • TJprojMain.exe
  • Universal Loader.exe
Product Name:
  • Project1
  • SMC TEAM
Product Version:
  • 1.00
  • 1.0.0.0

File Traits

  • .NET
  • Agile.net
  • Fody
  • Goliath
  • HighEntropy
  • SmartAssembly
  • x86
  • Yano
  • ZYXDN

Files Modified

File | Attributes
c:\program files\common files\system\symsrv.dll | Generic Write, Read Attributes
c:\users\user\downloads\__tmp_rar_sfx_access_check_11750718 | Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\user\downloads\alseery-unlocker-pro.exe | Generic Write, Read Attributes
c:\users\user\downloads\alseery-unlocker-pro.exe | Synchronize, Write Attributes
c:\users\user\downloads\mss32.dll.vbs | Generic Write, Read Attributes
c:\users\user\downloads\mss32.dll.vbs | Synchronize, Write Attributes
c:\users\user\downloads\scripts.ps1 | Generic Write, Read Attributes
c:\users\user\downloads\scripts.ps1 | Synchronize, Write Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries | | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@c:\windows\system32\wshext.dll,-4511 | Open &with Command Prompt | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname | Microsoft ® Windows Based Script Host | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany | Microsoft Corporation | RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Keyboard Access
  • GetKeyState
