Win32/Kryptik.FRAH [Threat Name] go to Threat

Win32/Kryptik.FRAH [Threat Variant Name]

Category trojan
Size 190464 B
Detection created Apr 10, 2017
Detection database version 15235
Short description

Win32/Kryptik.FRAH is a trojan that installs PowerShell/Spy.Banker.E malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan contains the program code of the following malware:

  • PowerShell/Spy.Banker.E

The trojan executes the following command:

  • powershell.exe -NoP -NonI -W Hidden -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('%malware%'),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()

Please enable Javascript to ensure correct displaying of this content and refresh this page.