Generik.CKYLCIH malicious file

Generik.CKYLCIH is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Generik.CKYLCIH virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 7680BEE26200271883D3.mlw
  • CAPE detected the Vidar malware family
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Generik.CKYLCIH?

File Info:

name: 7680BEE26200271883D3.mlw
path: /opt/CAPEv2/storage/binaries/474af606fc793d8197748dd082301434245c05a3f75bcab3652737ad3b26ab0c
crc32: 4B80E817
md5: 7680bee26200271883d3d3de103627f6
sha1: b0c340c7a570db9ec5ec598feaf4080d50ab2c51
sha256: 474af606fc793d8197748dd082301434245c05a3f75bcab3652737ad3b26ab0c
sha512: 394308d8aae51a2c4421c299f6604f11d57b3bcb4c568db6ce2eae187a1ab34222d48dcb4c96bdb4eac3d67433cf6118c69f81b7c5fb0fd29b1267fe9566eb8f
ssdeep: 49152:qM74qtiTC3VZoj8TNTIbAB8qy0MK1TCu0INWR:DHsTC39TNMbAFqK9v0INW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CC9523B16BC7DE38F86748BCD66BCA034A1E8F155306C3BA95EF392601B95254C2F847
sha3_384: c7aad5caa6672771d042198148b08b907f9463ceb0f790ba7f27c0546e7539db9682f3dbbd2aacc099a8f7a1f90cc36d
ep_bytes: eb016750eb050ab82205f3e81b000000
timestamp: 2021-11-25 17:28:10

Version Info:

CompanyName: FileZilla Project
FileDescription: FileZilla Server
FileVersion: beta 0.9.60
LegalCopyright: FileZilla Project
OriginalFilename: FileZilla_Server-0_9_60.exe
ProductName: FileZilla Server
ProductVersion: beta 0.9.60
Translation: 0x0409 0x04b0

Generik.CKYLCIH is also known as (vendor: detection name):

Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Vidar.14
MicroWorld-eScan: Trojan.GenericKD.47518321
FireEye: Generic.mg.7680bee262002718
ALYac: Trojan.GenericKD.47518321
Malwarebytes: Spyware.Vidar
K7AntiVirus: Trojan ( 0058b3091 )
Alibaba: Trojan:Win32/Chapak.9beb73ec
K7GW: Trojan ( 0058b3091 )
Cybereason: malicious.7a570d
BitDefenderTheta: Gen:NN.ZexaF.34062.4r1@ayvKF@hi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.CKYLCIH
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Chapak.fcct
BitDefender: Trojan.GenericKD.47518321
Ad-Aware: Trojan.GenericKD.47518321
Emsisoft: Trojan.GenericKD.47518321 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.47518321
Jiangmin: Trojan.Chapak.phj
Avira: TR/Chapak.gfqzl
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Exploit:Win32/ShellCode!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!7680BEE26200
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Ekstak
APEX: Malicious
Rising: Trojan.Generic@ML.98 (RDMK:Ppy4wiFXCpJTxUgXfqfNiA)
Fortinet: W32/PossibleThreat
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Generik.CKYLCIH?

Generik.CKYLCIH removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.