Trojan.Win64.Kryplod.bfwj (file analysis)

Trojan.Win64.Kryplod.bfwj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win64.Kryplod.bfwj virus do?

  • The binary likely contains encrypted or compressed data.
  • The Authenticode signature is invalid.

How to identify Trojan.Win64.Kryplod.bfwj?

File Info:

name: ABDAF6B70374A4A3D2FC.mlw
path: /opt/CAPEv2/storage/binaries/a9e84abd265522b2fd579c93261295d9d9dadb5d43b32921361c7f08e0d2e7cb
crc32: DA90FFFD
md5: abdaf6b70374a4a3d2fc080d4bb28063
sha1: e2f2f758a6a9c15c17107d52ab9a436176b55f6e
sha256: a9e84abd265522b2fd579c93261295d9d9dadb5d43b32921361c7f08e0d2e7cb
sha512: 0c791f0c44ddde627699ecf4f4ee7494608140ba8968f8e62f014d2024057eff38c3f02f5e0ea6b2907731aacd8ffbc86a08062ed553914074a070563872b14e
ssdeep: 98304:EB8NbcsMZP89kKoSnqUp6pB0wY2sVxTDUD527BWG:7U895oSnY0730VQBWG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C7368B23A7D58539F5B703389D79B2598C79BD712833C94F23940A5D2AB0BC1A831BE7
sha3_384: 7a449a886aa88c3c28e22dcdea4e49c4f9ccd415c19614ea1afc5bc1ba6c4e360a1d927f8c00468e62a48d23f64fc990
ep_bytes: e8d4a02f00e98efeffff3b0da4827500
timestamp: 2018-01-24 21:34:28

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Office
FileVersion: 16.0.8827.2179
InternalName: Bootstrapper.exe
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: Bootstrapper.exe
ProductName: Microsoft Office 2016
ProductVersion: 16.0.8827.2179
MOSEVersion: BETA
SDClient: _qcloud2
Translation: 0x0409 0x04e4

Trojan.Win64.Kryplod.bfwj also known as:

Lionic: Trojan.Win32.Agent.b!c
MicroWorld-eScan: Win32.Expiro.Gen.7
FireEye: Generic.mg.abdaf6b70374a4a3
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.gen
K7AntiVirus: Virus ( 0058de4e1 )
Alibaba: Virus:Win32/Expiro.f837f15a
K7GW: Virus ( 0058de4e1 )
Cyren: W32/Expiro.AU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDP
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win64.Kryplod.bfwj
BitDefender: Win32.Expiro.Gen.7
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: FileRepMalware
Tencent: Win32.Virus.Expiro.Lqow
Sophos: Mal/Generic-S
DrWeb: Win32.Expiro.153
McAfee-GW-Edition: BehavesLike.Win32.Virus.rh
Emsisoft: Win32.Expiro.Gen.7 (B)
Ikarus: Virus.Win32.Expiro
Jiangmin: Trojan.Kryplod.dy
Antiy-AVL: Trojan/Generic.ASVirus.317
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Script/Phonzy.C!ml
GData: Win32.Trojan.BSE.1EU2C1H
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C4894700
ALYac: Win32.Expiro.Gen.7
MAX: malware (ai score=84)
VBA32: Trojan.Sabsik.TE
TrendMicro-HouseCall: TROJ_GEN.R002H0CB422
Rising: Virus.Expiro!8.375 (CLOUD)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Expiro.NDO!tr
AVG: FileRepMalware

How to remove Trojan.Win64.Kryplod.bfwj?

Trojan.Win64.Kryplod.bfwj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
