Win32/GenKryptik.BGLC (file analysis)

The Win32/GenKryptik.BGLC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/GenKryptik.BGLC virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Unconventionial language used in binary resources: Portuguese
The binary likely contains encrypted or compressed data.
Spoofs its process name and/or associated pathname to appear as a legitimate process
Network activity detected but not expressed in API logs
Attempts to interact with an Alternate Data Stream (ADS)

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/GenKryptik.BGLC?


File Info:
crc32: AC6ED526
md5: aeba0f5d72d4287dab2d03d1f2d02b40
name: AEBA0F5D72D4287DAB2D03D1F2D02B40.mlw
sha1: 33e24025f80ed7b461edf6a2aa8d15c289f14d11
sha256: 4743cb7075e9439d34d674f2c20e59c6f2799fab51f5ea6132ea256bd4f6edcf
sha512: d0ebd16166ca1f0a787beff5fa38cf0514c5b1257ec3a32ff0baa3daaf8e0ae346e853ca4365d1a78b112285a188c0919ac7833faddcec1197f80875d341803b
ssdeep: 12288:VtZl910KkwxsY6VTtkOkc1mFit8oc9ro9Vu3xWa7pf:VtZPJxsvVxk97iDfAN1
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
eUp Utilities 2014: @x0ex01ProductVersion
eUp Software: Vx17x01FileDescription
Comments: @x10x01CompanyName
eUp Browser Cleaner: <x0ex01FileVersion
yright xa9 AVG Netherlands B. V. 2011: Lx12x01LegalTrademarks
eUp Utilitiesx2122: Lx16x01ProductName
0.1000.340: D
Translation: 0x0407 0x04b0

Win32/GenKryptik.BGLC also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005224381 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Hottrend.based.1
Cynet	Malicious (score: 100)
ALYac	Trojan.Ransom.Cerber.1
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 005224381 )
Cybereason	malicious.d72d42
Baidu	Win32.Trojan.Kryptik.alb
Symantec	Packed.Generic.459
ESET-NOD32	a variant of Win32/GenKryptik.BGLC
APEX	Malicious
Avast	Win32:Filecoder-BG [Trj]
ClamAV	Win.Malware.Score-6881439-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Ransom.Cerber.1
NANO-Antivirus	Trojan.Win32.Hottrend.evjfhk
MicroWorld-eScan	Trojan.Ransom.Cerber.1
Tencent	Win32.Trojan.Generic.Lqys
Ad-Aware	Trojan.Ransom.Cerber.1
Sophos	Mal/Generic-R + Mal/Ransom-EJ
Comodo	TrojWare.Win32.Kryptik.ERJ@6l0vie
BitDefenderTheta	AI:Packer.C4D47B8720
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCERBER.SM3
McAfee-GW-Edition	BehavesLike.Win32.Emotet.jc
FireEye	Generic.mg.aeba0f5d72d4287d
Emsisoft	Trojan.Ransom.Cerber.1 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.brwgf
Avira	HEUR/AGEN.1129194
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.22CB318
Microsoft	SoftwareBundler:Win32/Ogimant
Arcabit	Trojan.Ransom.Cerber.1
AegisLab	Trojan.Win32.Generic.4!c
GData	Trojan.Ransom.Cerber.1
AhnLab-V3	Win-Trojan/Cerber.Gen
Acronis	suspicious
McAfee	Ransomware-GFD!AEBA0F5D72D4
MAX	malware (ai score=100)
VBA32	BScope.TrojanPSW.Papras
Malwarebytes	Malware.AI.2876547158
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_HPCERBER.SM3
Rising	Trojan.Kryptik!1.AE9C (CLASSIC)
Yandex	Trojan.GenKryptik!9arSHB0sFDg
Ikarus	Trojan-Ransom.Teerac
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HGZD!tr
AVG	Win32:Filecoder-BG [Trj]
Paloalto	generic.ml

How to remove Win32/GenKryptik.BGLC?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/GenKryptik.BGLC (file analysis)