Trojan.MSIL.Krypt.ZSX
Analysis Report
General information
| Family Name: | Trojan.MSIL.Krypt.ZSX |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is .NET application
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| File Version | 1.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 1.0.0.0 |
File Traits
- .NET
- HighEntropy
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 3 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 2 |
| Unknown Blocks: | 0 |
Visual Map
x 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Krypt.ZSX
- MSIL.Krypt.ZXSB
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Encryption Used | |
| Anti Debug | |
| Other Suspicious | |