Win32/GenKryptik.FOBQ malicious file

Malware Removal

Win32/GenKryptik.FOBQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/GenKryptik.FOBQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/GenKryptik.FOBQ?

File Info:

name: E923D0DEB219DCFC4E41.mlw
path: /opt/CAPEv2/storage/binaries/085de8cbd4627169bad612c5acd43d732c1ba1a2823e289d94c50ea689535ce1
crc32: C1E6EB2D
md5: e923d0deb219dcfc4e413e65d1fd6aea
sha1: bb7947a02366c40a25f758d7e92049b1269c9ac5
sha256: 085de8cbd4627169bad612c5acd43d732c1ba1a2823e289d94c50ea689535ce1
sha512: 4f587cb7756f8e1532cbfa42a1a24bccabb292505431d5ea69515c8fc2bfbab7c5edadfc1cb0a1c2a26c88b53239a93d3849cdd73e7a12f8e556b65478672884
ssdeep: 12288:AdtrdL3Pbv7n/v/D9uvDMgVrF6L+gWpGKseAuekL3Pbv7n/v/D4:AdNfuvpF6W03
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14FF50AD1FB17DE0BF7A4D43D95226FA58DDE30EB2BA3A4F4F4ACA595DA8C120014A107
sha3_384: eb99788ac2884926b3579ef63218a97d2bb3a499be3aaeaf2cc89a354b557e35157b783fb75d20d041881b4008809314
ep_bytes: 31ffff152e2a420089c26839aa242d68
timestamp: 2021-11-27 03:37:49

Version Info:

FileVersion: 7, 6, 3, 4
CompanyName: Fortinet
FileDescription: Hepatoumbilical
InternalName: Seasickness
Photosynthometer: Noninformative
Impudently: Avouchable
Oligarchism: Pachydermous
Unforeseenly: Dravidian
Leitneriaceous: Untimesome
Eightyfold: Vestmented
Skittishly: Thwarting
Branchiostomidae: Manifestationist
Antenati: Glaniostomi
Sulpharsenate: Cephaloconic
Photoplaywright: Binoxalate
Foreground: Dialyze
Nonscientific: Copresbyter
Projectedly: Unskilledly
Overinflation: Insignificantly
Condescendence: Dodonian
Intercommunity: Outstand
Precaria: Nonabdication
Polyprotodont: Antu
Synergia: Geobotanist
Anhaline: Supralocal
Claut: Dactylorhiza
Machi: Argent
Gastroptosis: Intraphilosophic
Onomatopy: Jadeite
Boswellia: Amylaceous
Uroerythrin: Monody
Puelchean: Malleolable
Coeloblastic: Serotherapeutics
Protore: Roussillon
Mitered: Waapa
Tortoiselike: Archjockey
Unoverpaid: Cowhearted
Unsaturated: Spatangina
Unreciprocated: Chaperonless
Roughhouser: Frigidly
Vasal: Pedrail
Unsupplanted: Pterylology
Lilylike: Rehypothecate
Mongolism: Palaetiological
Choel: Duodenal
Unintimidated: Antipyretic
Outheel: Severance
Barleyhood: Dhobi
Cornuated: Imam
Aestheticize: Bagonet
Strewment: Subpurlin
Scalper: Detailedly
Quinquagenary: Theoriai
Hydroidean: Echinospermum
Bespit: Unhyphened
Imitant: Benedictus
Qualifiable: Conchitis
Nomenclate: Denarcotize
Ulvales: Semicivilization
Martinoe: Gracilescent
Chondrogenesis: Longways
Pepper: Decursively
Dullbrained: Acupunctuation
Transmissometer: Protochronicler
Fugitate: Calcarine
PrivateBuild: Leucorrheal
Translation: 0x0409 0x04e4

Win32/GenKryptik.FOBQ is also known as (vendor: detection name):

Lionic: Trojan.Win32.SelfDel.4!c
MicroWorld-eScan: Trojan.GenericKD.38236129
FireEye: Generic.mg.e923d0deb219dcfc
CAT-QuickHeal: Trojan.Selfdel
McAfee: Artemis!E923D0DEB219
Cylance: Unsafe
Sangfor: Trojan.Win32.SelfDel.hvni
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/SelfDel.cdeb7992
K7GW: Trojan ( 0058afe91 )
K7AntiVirus: Trojan ( 0058afe91 )
Cyren: W32/SelfDel.H.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.FOBQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.SelfDel.hvni
BitDefender: Trojan.GenericKD.38236129
NANO-Antivirus: Trojan.Win32.SelfDel.jinzvg
Avast: Win32:MalwareX-gen [Trj]
Rising: Trojan.Kryptik!1.DAA1 (CLASSIC)
Ad-Aware: Trojan.GenericKD.38236129
Emsisoft: Trojan.GenericKD.38236129 (B)
Comodo: fls.noname@0
F-Secure: Trojan.TR/AD.GenSteal.zrtjn
DrWeb: Trojan.Siggen15.56532
TrendMicro: TROJ_GEN.R003C0WKU21
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.38236129
Avira: TR/AD.GenSteal.zrtjn
Antiy-AVL: Trojan/Win32.GenKryptik
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2476FE1
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.CryptBot.C4790455
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34114.At2@ainf5npi
ALYac: Trojan.GenericKD.38236129
MAX: malware (ai score=87)
VBA32: Trojan.SelfDel
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_GEN.R003C0WKU21
Yandex: Trojan.SelfDel!U+V+LDDrJ/Y
Ikarus: Trojan-Spy.Win32.CoinStealer
MaxSecure: Trojan.Malware.131177208.susgen
Fortinet: W32/GenKryptik.FOBQ!tr
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/Agent.AAF

How to remove Win32/GenKryptik.FOBQ?

Win32/GenKryptik.FOBQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
