Win32/GenKryptik.EGMY information

Win32/GenKryptik.EGMY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/GenKryptik.EGMY virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:0
  • The binary likely contains encrypted or compressed data.
  • Repeatedly calls a single API many times in order to delay analysis
  • Steals private information from local Internet browsers
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Win32/GenKryptik.EGMY?

File Info:

crc32: 499C6811
md5: 42b9a65f9480278d8f8eb5ac9aa898d4
name: svchost.exe
sha1: 6533bf258d9d431e05d9e10cf3ce441a24d0e5ca
sha256: 2ddad05d5feace7ba81f35e9b6972bca15608eb4246c790e59c13a067627b7da
sha512: 124ee570d86490394e7f60a6bb56d69e3c21722f1657edbec3d29dbd70fac7dc660b36a8a4dfec6321b84ebfbbc4dde7752261839de0631f9aff910b1db1ef9b
ssdeep: 24576:GtXPJ1bdxl/XLtuDuP6REohZ8ULkzypbv6wh:8PJ8kAh6Uoz6z6+
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Spencer Kimball, Peter Mattis and the GIMP Development Team 2006-2014 (c)
InternalName: AdheredDisabled
FileVersion: 1.5.7.8
CompanyName: Spencer Kimball, Peter Mattis and the GIMP Development Team
PrivateBuild: 1.5.7.8
LegalTrademarks: Spencer Kimball, Peter Mattis and the GIMP Development Team 2006-2014 (c)
Comments: Meanwhile Belw Getschema Actin Academy
ProductName: AdheredDisabled
Languages: English
ProductVersion: 1.5.7.8
FileDescription: Meanwhile Belw Getschema Actin Academy
OriginalFilename: AdheredDisabled
Translation: 0x0409 0x04b0

Win32/GenKryptik.EGMY is also known as (vendor: detection name):

McAfee: Artemis!42B9A65F9480
Cylance: Unsafe
AegisLab: Trojan.Multi.Generic.4!c
Sangfor: Malware
CrowdStrike: win/malicious_confidence_80% (W)
ESET-NOD32: a variant of Win32/GenKryptik.EGMY
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packer.MalwareCrypter-6620810-1
Kaspersky: UDS:DangerousObject.Multi.Generic
Endgame: malicious (high confidence)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.42b9a65f9480278d
Microsoft: Trojan:Win32/Wacatac.C!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_100%
BitDefenderTheta: Gen:NN.ZexaF.34100.5q0@aiLBxjni
Cybereason: malicious.58d9d4

How to remove Win32/GenKryptik.EGMY?

Win32/GenKryptik.EGMY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.