What is “HackTool.Win64.KernelDrUtil”?

The HackTool.Win64.KernelDrUtil detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the TRIAL period.
6-day free trial available.

What HackTool.Win64.KernelDrUtil virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Creates a copy of itself

How to identify HackTool.Win64.KernelDrUtil?

File Info:

name: CFF4BFA88453A3F79E12.mlw
path: /opt/CAPEv2/storage/binaries/9242f0b0f5895a816faa67ced9edfe6dc03344f1e9594ffc32a0f3cc14c2b8e0
crc32: 21CFDCDA
md5: cff4bfa88453a3f79e12fab9c5e14179
sha1: af9105d1967a4c579d610ec8688c19fc5e24cde8
sha256: 9242f0b0f5895a816faa67ced9edfe6dc03344f1e9594ffc32a0f3cc14c2b8e0
sha512: 9ee02be8fa8053aff4abc4256c22be7887766ffd5ce7b1c8b7019cb0890d95e75bea6a420f0aa3e0b69f14fcb2b58f7577ce26e0d403567ef6e92ffdca17deac
ssdeep: 24576:uUm83MSB9pj6ZAKQ0Wr2k6H9h8k45XxcUOoajurq2uXlz7hdUn38xy0fZPfv0I4r:ugvLmh8FxyhgUVz7MnMxHxP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CC95BE43F25180F6D025957585B7673BFA347A150B20CBD36BD4EEA92E323A2E727309
sha3_384: e3551e5366c74af6124003c2c76ece5d61cd6c2f1807cc1041570891aefa421721509593c7ca589d4208c0430ad112e7
ep_bytes: 558bec6aff68e0185a006834484c0064
timestamp: 2022-01-28 11:57:37

Version Info:

0: [No Data]

HackTool.Win64.KernelDrUtil is also known as (vendor: detection name):

Elastic: malicious (high confidence)
FireEye: Generic.mg.cff4bfa88453a3f7
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.1967a4
BitDefenderTheta: Gen:NN.ZexaF.34212.2rW@aqWWxMib
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AC potentially unwanted
Kaspersky: HEUR:HackTool.Win64.KernelDrUtil.gen
APEX: Malicious
Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazpAL7UvcHEmvrCloAl67uDz)
Sophos: Generic PUA KP (PUA)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Ikarus: PUA.BlackMoon
GData: Win32.Trojan.PSE.5LSHNI
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Script/Phonzy.C!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!CFF4BFA88453
VBA32: BScope.Trojan.Tiggre
Malwarebytes: Trojan.MalPack.FlyStudio
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_96%
Fortinet: W32/CoinMiner.ELG!tr.pws
CrowdStrike: win/malicious_confidence_70% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove HackTool.Win64.KernelDrUtil?

HackTool.Win64.KernelDrUtil removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
