Trojan.MSIL.Krypt.ZCW
Analysis Report
General information
| Family Name: | Trojan.MSIL.Krypt.ZCW |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.

| MD5: | a1dce144b3c015f1996dee843503bec5 |
|---|---|
| SHA1: | eb606c67e6584eec2bdba00ae702dccf003f149d |
| SHA256: | A30BFE03EB885B7989FB1A0D06FFA1B8706E3B48CD0F96F9A8EAC854CAC77A09 |
| File Size: | 103.94 KB, 103936 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 7.2.0.4 |
| Comments | 9щу4щщффщ9щ4фщеуф09ууееу9е999щ94ф9уф0ещ9щущщфщфф4щщф0ф0ф0щф444фффщффеуфщуфщфщщ4щф0у9щ0е9у4у0уещ0фщще99щущфе4ф4е9944ещ040ффщ4щуе4еещ9щ9ф4ущщу |
| Company Name | ф0ще99щф44у9щ0ф0фщуфщ49щ4у9щ9щфщууф9ууе4щфщ494ф0ещфщфуещещ44щщф4фе4ффущ9уеещ0у4щ4уф4щ49щщ0фщф44щщ0ффщфеффффщ49еф94щещфущщ04у4фее40щщ09щ4щ4 |
| File Description | ф0ще99щф44у9щ0ф0фщуфщ49щ4у9щ9щфщууф9ууе4щфщ494ф0ещфщфуещещ44щщф4фе4ффущ9уеещ0у4щ4уф4щ49щщ0фщф44щщ0ффщфеффффщ49еф94щещфущщ04у4фее40щщ09щ4щ4 |
| File Version | 7.2.0.4 |
| Internal Name | a_lundi 24 janvier 2022 test liss.exe |
| Legal Copyright | щще040уеу9щфщеуф99ф900у94щф4щ00фщф9е4ф0щещу90щ0фщ90еф9е0фууфеф09фщфущщ9еуефщ40у4ефффщ9щ4щффщ900уф09щу44щщ9фще0у9ффуф9ф90щ4уу94щф490ещщщ0 |
| Legal Trademarks | фуф4ещ00щфуещф0щефщеущ494ф9щщщфу0фщ0фщф9ефу0у449ф9фщ94щ0ффще9у0ф4ф40ефщ049щ0фе4щ9фщ4уф0ф00фщщщф9у4ууфщфщ990ф4ф4щ9фу9щу990щфщ4фу09449фщ |
| Original Filename | a_lundi 24 janvier 2022 test liss.exe |
| Product Name | ф0ще99щф44у9щ0ф0фщуфщ49щ4у9щ9щфщууф9ууе4щфщ494ф0ещфщфуещещ44щщф4фе4ффущ9уеещ0у4щ4уф4щ49щщ0фщф44щщ0ффщфеффффщ49еф94щещфущщ04у4фее40щщ09щ4щ4 |
| Product Version | 7.2.0.4 |
File Traits
- .NET
- HighEntropy
- RijndaelManaged
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 11 |
|---|---|
| Potentially Malicious Blocks: | 6 |
| Whitelisted Blocks: | 1 |
| Unknown Blocks: | 4 |
Visual Map
x x x x ? ? 0 ? ? x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| User Data Access | |
| Anti Debug | |
| Encryption Used | |