Trojan.MSIL.Kryptik.AD

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.MSIL.Kryptik.AD
Signature status:	No Signature

Known Samples

MD5: 13d1e06c2a1e19353229515ab0162f7d

SHA1: 781f0a2bb303fd6d79e061c9ba0dc4e61389fd76

SHA256: 5F70B335B899C3986774B6AC5EBBA6BD5EC6A4E0F4E0C47A2148E15F13A93332

File Size: 1.08 MB, 1082880 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	7.3.1.0
Comments	TurboCollage - Collage Maker for Windows
Company Name	SilkenMermaid Software
File Description	TurboCollage
File Version	7.3.1.0
Internal Name	TurboCollage.exe
Legal Copyright	Copyright © SilkenMermaid Software
Original Filename	TurboCollage.exe
Product Name	TurboCollage
Product Version	7.3.1.0

File Traits

.NET
HighEntropy
x86

Block Information

Total Blocks:	802
Potentially Malicious Blocks:	9
Whitelisted Blocks:	144
Unknown Blocks:	649

Visual Map

0 0 0 0 0 0 0 0 ? 0 ? 0 0 ? ? ? 0 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? x 0 ? 0 ? ? 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 0 0 0 0 0 x 0 ? ? ? ? 0 ? ? 0 0 0 0 ? ? ? ? 0 0 ? ? 0 0 ? ? ? 0 0 ? ? ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? ? 0 0 ? ? 0 ? ? 0 0 0 0 0 0 0 ? 0 0 x 0 0 0 ? 0 ? 0 0 ? 0 0 ? ? 0 ? 0 0 0 ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 ? 0 0 0 ? 0 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? 0 0 ? 0 0 0 ? ? 0 ? ? 0 ? ? ? 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 x x ? x x x ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx Show More ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Anti Debug	IsDebuggerPresent

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.MSIL.Kryptik.AD

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Kryptik.JUD

Trojan.Dropper.Nonaco.B

LyricsFriend

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen