
Should I remove “Win32/GenKryptik.FBTA”?


Win32/GenKryptik.FBTA is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/GenKryptik.FBTA virus do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Slovak
  • The binary likely contains encrypted or compressed data.
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

telete.in
apps.identrust.com
yearofthepig.top

How to identify Win32/GenKryptik.FBTA?

File Info:

crc32: 28C47DC4
md5: ca2c146134e8291dc39dfd026c7efb6d
name: CA2C146134E8291DC39DFD026C7EFB6D.mlw
sha1: b4e6b97d99e7c271ff57482017ebd50a3d739ebc
sha256: beee1a1b8af35afe886fcae2df177e56496ad0c6c821bf54308acc25d2ac1145
sha512: 3c4876ece747992d68bf9de1b0cae8331272cd191bee0638b2b860c9e852652e97f76ec40abb1e93d842d0eb1cafbac358c5b9459167a4a49501d7879ccf02be
ssdeep: 6144:9MzG3VGsddwmKAgIQJyRUzmxc9sf/yEvflP6rrw2kLMrSugt4g:H7dxK9IOyezm6Sf/hv9PwwrLMut
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/GenKryptik.FBTA is also known as (vendor: detection name):

Elastic: malicious (high confidence)
FireEye: Generic.mg.ca2c146134e8291d
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0056f9be1 )
K7GW: Trojan ( 0056f9be1 )
BitDefenderTheta: Gen:NN.ZexaF.34804.zqW@a0YlhFjG
Cyren: W32/Kryptik.DHT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: FileRepMalware
Kaspersky: HEUR:Exploit.Win32.Shellcode.gen
Rising: Malware.Heuristic!ET#91% (RDMK:cmRtazrzpKVJpxwbz5+5XFbyHT4J)
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
Sophos: ML/PE-A
ZoneAlarm: HEUR:Exploit.Win32.ShellCode.vho
Microsoft: Trojan:Win32/Glupteba!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!CA2C146134E8
Malwarebytes: Trojan.MalPack.GS
ESET-NOD32: a variant of Win32/GenKryptik.FBTA
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HJLQ!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_80% (D)
Qihoo-360: HEUR/QVM10.1.5178.Malware.Gen

How to remove Win32/GenKryptik.FBTA?

Win32/GenKryptik.FBTA removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
