Trojan.Kryptik.Gen.Z

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Kryptik.Gen.Z
Signature status: No Signature

Known Samples

MD5: acdec49304ce7c79b5659930d1a6cab7
SHA1: 3bd3e896c83398492102138cc2b214cec2427afb
SHA256: 168A50CA3CCB893D8F61D9EE7C58AFAF476CC50B6746682BCBB43B0A3C31914E
File Size: 222.21 KB, 222208 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name: Value
Company Name: FRISK Software International
File Description: Icon in the taskbar notification area (F-PROT Antivirus)
File Version: 5.8.9.6
Legal Copyright: Copyright © 2000-2010 FRISK Software International
Product Name: F-PROT Antivirus for Windows
Product Version: 3.2.0.1

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 12
Potentially Malicious Blocks: 8
Whitelisted Blocks: 4
Unknown Blocks: 0

Visual Map

x x 0 x x x x x 0 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Files Modified

File | Attributes
\device\namedpipe\acsipc_server | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows defender\lymyxid.com | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows defender\lymyxid.com | Synchronize,Write Attributes
c:\program files (x86)\windows defender\qetyfuv.com | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows defender\qetyfuv.com | Synchronize,Write Attributes
c:\program files (x86)\windows defender\vocyzit.com | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows defender\vocyzit.com | Synchronize,Write Attributes
c:\program files (x86)\windows defender\vonypom.com | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows defender\vonypom.com | Synchronize,Write Attributes
c:\programdata\prevxcsi\csidb.csi | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\46b4.tmp | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\46b4.tmp | Synchronize,Write Data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8b2b9a00839eed1dfdccc3bfc2f5df12 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b46811c17859ffb409cf0e904a4aa8f8 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8b2b9a00839eed1dfdccc3bfc2f5df12 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b46811c17859ffb409cf0e904a4aa8f8 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\apppatch\svchost.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\apppatch\svchost.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value | Data | API Name
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\firewallcontrolpanel.dll,-12122 | Windows Defender Firewall | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\winlogon::be6cf229 | C:\WINDOWS\apppatch\svchost.exe | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\winlogon::be6cf229 | C:\WINDOWS\apppatch\svchost.exe | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey

Windows API Usage

Category | API
Network / Winsock2
  • WSAStartup
Process Manipulation / Evasion
  • NtUnmapViewOfSection
Network / Winhttp
  • WinHttpOpen