Trojan

Trojan.Win32.Copak.kytq removal tips

Malware Removal

The Trojan.Win32.Copak.kytq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan.Win32.Copak.kytq virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location

How to determine Trojan.Win32.Copak.kytq?


File Info:

name: 26545981CF36F0E63098.mlw
path: /opt/CAPEv2/storage/binaries/0a09781253a368d91908aa098747c953771b661685a1ca7a4e7f23c5e0323806
crc32: 6BBEE3B3
md5: 26545981cf36f0e630986ed86bcf19dd
sha1: 698256aae4f6c8b4eed71f900f5844d32a1f9828
sha256: 0a09781253a368d91908aa098747c953771b661685a1ca7a4e7f23c5e0323806
sha512: b9a088a8229f370f438468601db0d696e94b74a99e929b1c1b3fd7dce107045ecbd58941303fc49835dc1d0f24e0322476ad011e55d5c53e09bf6bfdf929e05a
ssdeep: 24576:HwD5BYfVx8f4ipe1NLoBV1dPBlDXHBHTyjocincx2+yZgKEY0q9seqq+CWpYhZ+s:Q7YfV+he1WhdPjXlOpiniC1GYhkg1MG
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T14D7533DD0F658F6DDEED7FF2E0628E1048A56CB92131E512036624312B902B3DFAD5B6
sha3_384: 345370a3bbe04fccf1693e737b0fa420ab2ae3d59ad312e00b013082d4d386133d3cebdee943e94ec74d524775409b84
ep_bytes: b8000000005751595a01cb4101cb5229
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan.Win32.Copak.kytq also known as:

BkavW32.AIDetect.malware2
LionicRiskware.Win32.BitCoinMiner.1!c
Elasticmalicious (high confidence)
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.3641086
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0057ffc71 )
AlibabaTrojan:Win32/Copak.ddcf86f3
K7GWTrojan ( 0057ffc71 )
Cybereasonmalicious.ae4f6c
CyrenW32/CoinMiner.CQ.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HITO
APEXMalicious
AvastWin32:CoinminerX-gen [Trj]
KasperskyTrojan.Win32.Copak.kytq
BitDefenderThetaGen:NN.ZexaF.34084.InZ@aOK8toh
TencentTrojan.Win32.Coinminer.yi
ComodoPacked.Win32.MUPX.Gen@24tbus
DrWebTrojan.Packed2.43250
VIPREPacker.NSAnti.Gen (v)
TrendMicroTROJ_GEN.R002C0DLA21
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
SophosMal/Generic-R
Paloaltogeneric.ml
AviraTR/Crypt.ULPM.Gen
Antiy-AVLGrayWare/Win32.Kryptik.ffp
MicrosoftTrojan:Win32/Injector.RAQ!MTB
GDataWin32.Application.Coinminer.TGDKHO
CynetMalicious (score: 100)
McAfeeGenericRXAA-FA!26545981CF36
VBA32Trojan.Packed
MalwarebytesTrojan.Crypt
TrendMicro-HouseCallTROJ_GEN.R002C0DLA21
RisingTrojan.Injector!1.C865 (CLASSIC)
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_99%
FortinetW32/Kryptik.EAHK!tr
AVGWin32:CoinminerX-gen [Trj]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_100% (W)
MaxSecureTrojan.Malware.300983.susgen

How to remove Trojan.Win32.Copak.kytq?

Trojan.Win32.Copak.kytq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment