Krnl exe Trojan Conteban File Malware Analysis: b4d30c9b8d8285090d6a23f86c9d418e

Krnl.exe Trojan Conteban Analysis

Updated 11 months ago

Checked by Malware Check

krnl.exe

Hash Type	Value	Action
MD5	b4d30c9b8d8285090d6a23f86c9d418e
SHA1	ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8
SHA256	16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f
SHA512	9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

Hash Type

Value

Action

MD5

b4d30c9b8d8285090d6a23f86c9d418e

SHA1

ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8

SHA256

16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f

SHA512

9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4

ImpHash

f34d5f2d4577ed6d9ceec516c1f5a744

PE Analysis

Basic Information

▼

Icon	Hash: f29faf88f0bc179e98fdd3a438e911f5 Fuzzy: 4d199b6a74b34215ead1ba0a303e0cd6 dHash: 72329a8a92b37360
Image Base	`0x00400000`
Entry Point	`0x0055593a`
Compilation Time	2059-06-13 11:12:49
Checksum	0x0018902d (Actual: 0x0018902d)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows`
PDB Path	`F:\Projects\krnlss\obj\Release\net472\krnlss.pdb`
Digital Signature	OK
Imports	1 libraries mscoree
Exports	0 functions
Resources	4 Resources
Sections	3 Sections

Version Information

▼

Translation	0x0000 0x04b0
FileDescription
FileVersion	0.0.0.0
InternalName	krnlss.exe
LegalCopyright
OriginalFilename	krnlss.exe
ProductVersion	0.0.0.0
Assembly Version	0.0.0.0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00002000`	1,390,912 bytes	1,391,104 bytes	3.92 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`ED96857FECEF318BDAC6A742437011EF`
`.rsrc`	`0x00156000`	171,648 bytes	172,032 bytes	1.13 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7166194526DF7BDA3C9A7C3BCC0B0834`
`.reloc`	`0x00180000`	12 bytes	512 bytes	0.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`26B9ADF9626398D18BC1756C926ADDA6`

Resource Analysis

▼

Total Resources: 4 (171,338 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	170,248 bytes	99.4%
RT_GROUP_ICON	1	20 bytes	0%
RT_VERSION	1	580 bytes	0.3%
RT_MANIFEST	1	490 bytes	0.3%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Removal Instructions

Follow these steps to completely remove the threat from your system

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button to begin scanning your computer for threats.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

File Name	krnl.exe
File Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Scanner Version	1.0.182.174
Database Version	2024-07-21 00:00:32 UTC

Krnl.exe Trojan Conteban Analysis

Technical Analysis

Trojan.Win32.Conteban.dd!c

Scan Another File

File Identification