Troj/Krypt-AAF removal tips

Troj/Krypt-AAF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Troj/Krypt-AAF virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • HTTPS urls from behavior.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/Krypt-AAF?

File Info:

name: 79A60ED770923BE5A189.mlw
path: /opt/CAPEv2/storage/binaries/480c834da9e02cba9b9aad8e29d9aeab34f83c44738295286dd49916188ee7b4
crc32: 6FF76256
md5: 79a60ed770923be5a189e6b8aa4d84ae
sha1: 2f544a7cfd82347234bb9fea0305a76658a4743b
sha256: 480c834da9e02cba9b9aad8e29d9aeab34f83c44738295286dd49916188ee7b4
sha512: b4b4ed2ff11fea723e2268d8953be388495042fe2337a7b6bb5a3f885d4f0a4085151fb96abcc076218647329d3ebd148155e1929423340d1dcf8cb0fc625774
ssdeep: 12288:WOqMhZPFAAR6tnI8w5rBR3DdEUl94aSL3fsaW:HqM/NAQSnbwlB1DdE44a4kR
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1ACC4021339ECC3B5C9DEF4B380AFB915D63D933077B3328762A4A59A19947E0912E346
sha3_384: 958602d357ee250be41fa17de8a562cd74ea45bd34491e8ccffa84d60eb63213e62050e6f822c5d49b92ffb2a63bd1a8
ep_bytes: e8173c0000e9a4feffff3b0d2c594800
timestamp: 2023-06-29 14:16:16

Version Info:

Comments: This is a legitimate application.
CompanyName: Planta de Fibras Químicas de Rostov
FileDescription: Planta de Fibras Químicas de Rostov Product
FileVersion: 648
InternalName: hTjdRWnXbCvo
LegalCopyright: © Planta de Fibras Químicas de Rostov All rights reserved.
LegalTrademarks: © Planta de Fibras Químicas de Rostov Trademarks
OriginalFilename: pHoC1wNM.exe
ProductName: SOmzuTeTKM
ProductVersion: 648
Translation: 0x0407 0x04b0

Troj/Krypt-AAF also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Stealer.12!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.67863334
ClamAV: Win.Malware.Pwsx-10005218-0
FireEye: Generic.mg.79a60ed770923be5
ALYac: Trojan.GenericKD.67863334
Malwarebytes: Trojan.MalPack
Zillya: Trojan.Stealer.Win32.117628
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005a10f41 )
Alibaba: Trojan:Win32/Kryptik.798745db
K7GW: Trojan ( 005a21581 )
BitDefenderTheta: Gen:NN.ZexaF.36318.Iq2@ay@whdfi
VirIT: Trojan.Win32.GenusT.DNTC
Cyren: W32/Kryptik.KCG.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.HSYN
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Trojan.GenericKD.67863334
Avast: Win32:PWSX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10bf017d
Emsisoft: Trojan.GenericKD.67863334 (B)
F-Secure: Trojan.TR/AD.RedLineSteal.qwlfw
DrWeb: Trojan.MulDrop22.25679
VIPRE: Trojan.GenericKD.67863334
TrendMicro: TROJ_GEN.R023C0DG923
McAfee-GW-Edition: GenericRXWF-FU!79A60ED77092
Trapmine: malicious.high.ml.score
Sophos: Troj/Krypt-AAF
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.PSE.ZG67AR
Jiangmin: Trojan.PSW.Reline.aep
Avira: TR/AD.RedLineSteal.qwlfw
Antiy-AVL: Trojan/Win32.Kryptik
Arcabit: Trojan.Generic.D40B8326
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft: Trojan:Win32/RedLineStealer.L!MTB
Google: Detected
AhnLab-V3: Trojan/Win.RedLine.R589286
McAfee: GenericRXWF-FU!79A60ED77092
MAX: malware (ai score=88)
VBA32: BScope.Trojan.Injurer
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R023C0DG923
Rising: Trojan.Kryptik!1.E841 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.W32.Injurer.gen
Fortinet: W32/Malicious_Behavior.SBX
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/Krypt-AAF?

Troj/Krypt-AAF removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.