What is “Heur.FKP.!c!.1”?

Heur.FKP.!c!.1 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Heur.FKP.!c!.1 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Uses suspicious command line tools or Windows utilities

How to identify Heur.FKP.!c!.1?

File Info:

name: 3A04E2FF557372A8DE64.mlw
path: /opt/CAPEv2/storage/binaries/96f98fb17e963a8c5d1c7f3c7f9617dd6f85464b5d42f2288f2e728b320be251
crc32: AADCF0D2
md5: 3a04e2ff557372a8de6404054346dd68
sha1: 89aa5a0042fb874672e0f5dac2e48b81674b1fdf
sha256: 96f98fb17e963a8c5d1c7f3c7f9617dd6f85464b5d42f2288f2e728b320be251
sha512: 217c71f02ed65e32bfad293c04159a6d5bbc05dde28e7398028fa6c99e263bcfca59a79e02ce2d837fb34f32938c82f5f476845da242efb1174ff67c966d4415
ssdeep: 49152:FaynSLi+xEJIH3IgF7TQHHHHnkYPajJhiTWeOaIr7TsP68cRCTrOyEzwVX1xHHHV:b+xSSbFHCSJU8gl06
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12366AF1AE2510071D4B7F2B6269E532AEB71F845331197CF022CA9A36F137E16E3D396
sha3_384: 2b32d57ea791b6e101870a226e58aa81d80f2e1d665485e91fee1df2a8bc72a6c6103818f9fe847969fec4bed7d0693f
ep_bytes: 09f8ff1541647000e9a93100000f84c6
timestamp: 2021-12-11 02:40:17

Version Info:

FileVersion: 4, 8, 1, 5
Comments: Antivice
CompanyName: Leptotene
FileDescription: Cystine
InternalName: Tubuliferous
Overprecise: Hoofish
Prealcohol: Stormbird
Sapwood: Fasibitikite
Befrounce: Copygraph
Projectively: Tsun
Unsnobbish: Pryingly
Oreophasinae: Washerman
Potherment: Upgo
Equinity: Polycletan
Somnambulance: Pauciflorous
Stauroscopically: Mugiliform
Chorioid: Spheroidally
Unauthoritatively: Aggry
Sinify: Assured
Copygraph: Gallinulinae
Picturecraft: Spiciform
Necrose: Troublingly
Tributyrin: Galactolipin
Unconcernment: Predeliver
Renumber: Signalment
Polyterpene: Filander
Hydromaniac: Palaeograph
Alburn: Smocking
Myxedema: Danalite
Turgescent: Isaria
Predetainer: Hepatolytic
Hadendowa: Mudhole
Squatarola: Heterostyly
Principes: Nocuous
Adieux: Phocomelia
Tunebo: Jovinian
Lithobioid: Grunth
Theoanthropomorphic: Pointedly
Courter: Unshyness
Baptisia: Holosericeous
Pluriflorous: Rachialgic
Unweighable: Leucophanite
Blacklegs: Hauntingly
Foulard: Impetulantly
Stocklike: Limnobium
Chlorsalol: Lorettine
Nonjurorism: Laudism
Hypnosporic: Sizeman
Chamaesiphonales: Unsatisfactory
Instillatory: Uniramous
Unaccommodated: Sapajou
Muscled: Wroth
Unletted: Metameral
Unvitrescibility: Yodelist
Rubrisher: Linkedness
Bawn: Untamable
Overpassionateness: Scirrhi
Matriarchic: Nymphish
Anaclisis: Ailanthic
Arist: Trammelhead
Unoriginality: Isographic
Bankfull: Contemn
OriginalFilename: Recomparison
PrivateBuild: Cabalist
Translation: 0x0409 0x04e4

Heur.FKP.!c!.1 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.FKP.!c!.1
FireEye: Generic.mg.3a04e2ff557372a8
ALYac: Gen:Heur.FKP.!c!.1
Cylance: Unsafe
VIPRE: Trojan.Compcert.101713 (fs)
Cybereason: malicious.f55737
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNRF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.SelfDel.hwab
BitDefender: Gen:Heur.FKP.!c!.1
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Heur.FKP.!c!.1
Sophos: Mal/Generic-S + Mal/EncPk-MP
DrWeb: Trojan.Siggen16.4096
TrendMicro: TROJ_GEN.R002C0RLB21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vt
Emsisoft: Gen:Heur.FKP.!c!.1 (B)
Ikarus: Trojan.SuspectCRC
GData: Gen:Heur.FKP.!c!.1
Avira: HEUR/AGEN.1113079
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.34EA1DA
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!3A04E2FF5573
VBA32: BScope.Trojan.Sabsik.FL
Malwarebytes: Trojan.MalPack.PES.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0RLB21
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_89%
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaE.34084.@@0@a8fyMLoi
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A

How to remove Heur.FKP.!c!.1?

Heur.FKP.!c!.1 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.