
Mal/Generic-S + Troj/Krypt-RF information


Mal/Generic-S + Troj/Krypt-RF is the Sophos detection name for this sample; other vendors' names for the same file are listed further down. The sample is classified as dangerous: the sandbox signatures below place it in the STOP/Djvu ransomware family. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Mal/Generic-S + Troj/Krypt-RF do?

The following are the CAPE sandbox signatures triggered when the sample was detonated:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Georgian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • CAPE detected the STOP malware family
  • Attempts to modify proxy settings
  • Creates a known STOP-Djvu ransomware decryption instruction / key file.
  • Creates a known STOP ransomware variant mutex
  • STOP ransomware command line behavior detected
  • Uses suspicious command line tools or Windows utilities

How to identify Mal/Generic-S + Troj/Krypt-RF?

The indicators below identify this specific sample: repacked builds of the same family will have different hashes and different ssdeep/tlsh values, so match on the exact digests rather than on the family name. Note that the version resource (below) claims copyright 2022 while the PE link timestamp is 2021-11-03; both fields are attacker-controlled and should not be relied on for attribution.

File Info:

name: 9375F72744B4229452BE.mlw
path: /opt/CAPEv2/storage/binaries/ae9ce6afd764472adc9364662411901ef17734ccb06e137488e372ea471a03e3
crc32: D4FF60D7
md5: 9375f72744b4229452be71d19a2ce347
sha1: 354a0cc71308689ed7871eb90de7049789a9091b
sha256: ae9ce6afd764472adc9364662411901ef17734ccb06e137488e372ea471a03e3
sha512: 6847bd4ca52807233b83ebec3d92ef7f4f9725baadf384267a1361e887ce172ab3040ac902307ba8a7f0cce65a3debe0e6224e6884661d741ca61965a2829711
ssdeep: 12288:NvnbqYIRnMaNs+fE8hpyJ7RnQU/CxkTF+oNf/WsNKp4xF6ujXRkz:NvnbqXRnM4E8kRQkCAY4NgmsmXR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1290512303692C472C1A6D570457ADFB06BBFF8322978528B3751225B6D733809AB639F
sha3_384: 6a43cb5fe1281994f598d07385d539db8937908686557108cc4dd8d813774b7bf9879db34d2ba9d33db3543a0839421e
ep_bytes: e817650000e978feffffcccccccccccc
timestamp: 2021-11-03 05:42:45

Version Info:

FileVersions: 12.30.9.87
InternationalName: povgwaoci.iwe
Copyright: Copyright (C) 2022, somoklos
ProjectVersion: 82.42.46.96
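The digests and PE fields in File Info are what an analyst actually matches on; the vendor detection names vary per engine. As an added example (not code from this page, from GridinSoft or from CAPE), the following stdlib-only Python script hashes a file against the published digests and parses the PE32 header for the link timestamp, the entry-point bytes and the presence of a Security (Authenticode) data directory. Assumed, not from the page: the helper names, the output format of triage(), and build_minimal_pe(), which constructs a header-only test file to exercise the parser offline; that constructed file is not the sample, and its hashes will not match the IOCs.

```python
"""Static triage of a PE32 sample against the File Info published above.

Added example, not part of the original page or of any vendor's tooling.
Assumptions (not from the page): the helper names, the triage() output and
the constructed test input produced by build_minimal_pe().
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
IOC = {
    "md5": "9375f72744b4229452be71d19a2ce347",
    "sha1": "354a0cc71308689ed7871eb90de7049789a9091b",
    "sha256": "ae9ce6afd764472adc9364662411901ef17734ccb06e137488e372ea471a03e3",
    "sha512": "6847bd4ca52807233b83ebec3d92ef7f4f9725baadf384267a1361e887ce172a"
              "b3040ac902307ba8a7f0cce65a3debe0e6224e6884661d741ca61965a2829711",
    "ep_bytes": "e817650000e978feffffcccccccccccc",
    "timestamp": "2021-11-03 05:42:45",
}
HASH_NAMES = ("md5", "sha1", "sha256", "sha512")
# Epoch form of the published link timestamp (UTC), used by the demo input.
IOC_EPOCH = int(datetime(2021, 11, 3, 5, 42, 45, tzinfo=timezone.utc).timestamp())


def file_digests(data: bytes) -> dict:
    """Hex digests of the file for every algorithm in the IOC set."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def match_iocs(digests: dict) -> list:
    """Names of the algorithms whose digest equals the published one (sorted)."""
    return sorted(n for n in HASH_NAMES if n in digests and digests[n] == IOC[n])


def rva_to_offset(sections, rva: int) -> int:
    """Map an RVA to a file offset using the section table."""
    for va, size, rawptr in sections:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def parse_pe32(data: bytes) -> dict:
    """Extract machine, link timestamp, entry-point RVA, the 16 bytes at the
    entry point, and whether a Security (Authenticode) directory is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory index 4 is IMAGE_DIRECTORY_ENTRY_SECURITY (the Authenticode blob).
    _, sec_dir_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))
    ep_off = rva_to_offset(sections, ep_rva)
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_security_dir": sec_dir_size != 0,
    }


def triage(data: bytes) -> dict:
    """Exact hash matching (strong) next to the weaker PE-metadata indicators."""
    info = parse_pe32(data)
    return {
        "hash_matches": match_iocs(file_digests(data)),
        "ep_bytes_match": info["ep_bytes"] == IOC["ep_bytes"],
        "timestamp_match": info["timestamp"] == IOC["timestamp"],
        "has_security_dir": info["has_security_dir"],
    }


def build_minimal_pe(ep_code: bytes, stamp: int) -> bytes:
    """Constructed test input: a header-only PE32 carrying the given link
    timestamp and entry-point bytes. It only exercises the parser; it is NOT
    the sample from this page and will not hash to the published digests."""
    file_align, sect_align = 0x200, 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0,                 # PE32 magic, linker version
                      file_align, 0, 0,             # SizeOfCode, initialised, uninitialised data
                      0x1000, 0x1000, 0x2000,       # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, sect_align, file_align,
                      6, 0, 0, 0, 6, 0,             # OS / image / subsystem versions
                      0, 0x2000, 0x400, 0,          # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8540,                    # Subsystem = GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    data_dirs = b"\0" * (16 * 8)                     # all empty, including the Security entry
    text = struct.pack("<8sIIIIIIHHI", b".text", len(ep_code), 0x1000, file_align, 0x400,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + data_dirs + text
    return headers.ljust(0x400, b"\0") + ep_code.ljust(file_align, b"\0")


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:  # no path given: run the parser over the constructed demo file
        print(triage(build_minimal_pe(bytes.fromhex(IOC["ep_bytes"]), IOC_EPOCH)))
```

Run it with a file path to triage a real sample. Only exact digest equality is a strong indicator; the entry-point bytes and link timestamp are weak, are trivially forged, and are shared across builds of the same packer. An empty Security directory simply means the file carries no Authenticode signature; a populated one still needs certificate-chain validation, which is what CAPE reported as invalid for this sample.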

Mal/Generic-S + Troj/Krypt-RF is also known under the following vendor detection names (vendor: detection):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Mint.Zard.52
FireEye: Generic.mg.9375f72744b42294
CAT-QuickHeal: Ransom.Stop.P5
McAfee: Artemis!9375F72744B4
Cylance: Unsafe
VIPRE: Gen:Heur.Mint.Zard.52
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.713086
Cyren: W32/Ransom.QS.gen!Eldorado
Symantec: Packed.Generic.525
Elastic: malicious (high confidence)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Tofsee-9951336-0
Kaspersky: UDS:Trojan.Win32.Scarsi.gen
BitDefender: Gen:Heur.Mint.Zard.52
Avast: TrojanX-gen [Trj]
Ad-Aware: Gen:Heur.Mint.Zard.52
Emsisoft: Gen:Heur.Mint.Zard.52 (B)
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S + Troj/Krypt-RF
Ikarus: Trojan.Win32.Crypt
Google: Detected
MAX: malware (ai score=89)
Microsoft: Ransom:Win32/Filecoder.GF!MTB
Arcabit: Trojan.Mint.Zard.52
GData: Gen:Heur.Mint.Zard.52
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.TrojanDownloader.Ajent
ALYac: Gen:Heur.Mint.Zard.52
Malwarebytes: Trojan.MalPack.GS
Rising: Trojan.Generic@AI.100 (RDML:rycjZYash96T8/U+Rvow1Q)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Mal/Generic-S + Troj/Krypt-RF?

Mal/Generic-S + Troj/Krypt-RF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample is flagged as STOP/Djvu ransomware, removing it stops further encryption but does not restore files that were already encrypted. Preserve the ransom note and any dropped key file (see the sandbox indicators above) for later analysis before cleaning the system.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
