What is “AutoIt:Kryptik-B [Trj]”?

The AutoIt:Kryptik-B [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the AutoIt:Kryptik-B [Trj] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • CAPE detected the NetWire malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify AutoIt:Kryptik-B [Trj]?

File Info:

name: 541C00EAB91D8D831A8C.mlw
path: /opt/CAPEv2/storage/binaries/d562c0b3fc05d0063d55ae6c83c26e5a8fa05b906f5002415c892f4be5a49fb7
crc32: 8E05350D
md5: 541c00eab91d8d831a8cfec5e479e2e3
sha1: 41a2fb2b8d604981af116bc8a377974fb168ac83
sha256: d562c0b3fc05d0063d55ae6c83c26e5a8fa05b906f5002415c892f4be5a49fb7
sha512: 7e5b46b8609b7811b41e94dfa62636d66190827476fe36769981fe2359c0fc446e07fb0d4bd3320e85a4267e0e1db2408a0ea9bab9bba7fd3a6cba42f4940031
ssdeep: 24576:+AHnh+eWsN3skA4RV1Hom2KXMmHaz+zsNxan5:ph+ZkldoPK8Yaz58
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15845BE0273D5C0B2FFABA2B39F29B2465B7D69350133842F23982D79AD711B1523D663
sha3_384: 7701bc8a939699c1c12b8ab03090e6259f45ddd71e83d711292119de23538e649f89132a3a1e66241c4198bedee6e823
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-01-29 18:11:43

Version Info:

Translation: 0x0809 0x04b0

AutoIt:Kryptik-B [Trj] also known as:

  • Bkav: W32.AIDetect.malware1
  • FireEye: Generic.mg.541c00eab91d8d83
  • CAT-QuickHeal: Trojan.AutoIt.Wacatac.E
  • McAfee: Artemis!541C00EAB91D
  • Cylance: Unsafe
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: Trojan:AutoIt/NetWire.ef22fe4c
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.ab91d8
  • BitDefenderTheta: AI:Packer.7C7D3BFE17
  • VirIT: Trojan.Win32.Dnldr27.DMXA
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Injector.Autoit.DUH
  • TrendMicro-HouseCall: Trojan.AutoIt.CRYPTINJECT.SMA
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan.Win32.NetWire.bmn
  • BitDefender: Trojan.GenericKD.31598352
  • NANO-Antivirus: Trojan.Win32.NetWire.fngklb
  • MicroWorld-eScan: Trojan.GenericKD.31598352
  • Avast: AutoIt:Kryptik-B [Trj]
  • Tencent: Win32.Trojan.Autoit.Auto
  • Ad-Aware: Trojan.GenericKD.31598352
  • Emsisoft: Trojan.GenericKD.31598352 (B)
  • Comodo: Malware@#ncern2x6yl4h
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Trojan.AutoIt.CRYPTINJECT.SMA
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.th
  • Sophos: Mal/Generic-S + Mal/AuItInj-A
  • APEX: Malicious
  • GData: Trojan.GenericKD.31598352
  • Avira: DR/AutoIt.Gen8
  • Antiy-AVL: Trojan/Generic.ASCommon.1B8
  • Arcabit: Trojan.Generic.D1E22710
  • ZoneAlarm: Trojan.Win32.NetWire.bmn
  • Microsoft: Trojan:Win32/Occamy.C
  • AhnLab-V3: Trojan/Win32.Injector.R261737
  • ALYac: Trojan.GenericKD.31598352
  • MAX: malware (ai score=89)
  • Ikarus: Trojan.Autoit
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: AutoIt/Injector.DPY!tr
  • AVG: AutoIt:Kryptik-B [Trj]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove AutoIt:Kryptik-B [Trj]?

AutoIt:Kryptik-B [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.