Win32/GenKryptik.FOPI removal

Win32/GenKryptik.FOPI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/GenKryptik.FOPI virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Spoofs its process name and/or associated pathname to appear as a legitimate process

How to identify Win32/GenKryptik.FOPI?

File Info:

name: 4E907911648BCB4A0896.mlw
path: /opt/CAPEv2/storage/binaries/e7f2d947ceac1cf6434b37663e4c347a6eece2ceea6cf6f3c2358f4af8d7af9e
crc32: 6ABC892D
md5: 4e907911648bcb4a0896d3a80f3a7c14
sha1: 15ec6bcaf7a35bfc36d7cd5e6a277852528b54fd
sha256: e7f2d947ceac1cf6434b37663e4c347a6eece2ceea6cf6f3c2358f4af8d7af9e
sha512: d20bc361be951a81aab157ec8b400ace7b564d692545e189a0cb75f7908b48fc12bcd403e2cd5a27c205f87c4721a69ae56ced43c6153081038bc57f23bbf813
ssdeep: 6144:HL6tbK2oJbOe67nqbsDPc+knp8mpPBpk5wQXkweBJ0z+rGFBQ+3GDVA91oli:HL6sJK7qIDc1np8mBBC5wQUOz+r+6+3V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B664DF03B8938971FFEB38354822969D5F2F7B680B517C2E2745C27D0F61582AD2DA27
sha3_384: 94066260d3902ef748e7041b30c8215849268b03a4b83020df1e90d1b3fcf0fda8287aad72d28e0d9caeb1733baccae8
ep_bytes: e8a3020000e97afeffff558bec8b4508
timestamp: 2021-12-08 10:17:54

Version Info:

0: [No Data]

Win32/GenKryptik.FOPI also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader44.14457
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.uqW@auMVUbb
FireEye: Generic.mg.4e907911648bcb4a
McAfee: RDN/Generic.grp
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058bb0a1 )
Alibaba: Trojan:Win32/GenKryptik.66ec62b2
K7GW: Trojan ( 0058bb0a1 )
Cybereason: malicious.1648bc
BitDefenderTheta: AI:Packer.561392431E
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.FOPI
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Trojan.ExplorerHijack.uqW@auMVUbb
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Explorerhijack.Pgmy
Ad-Aware: Gen:Trojan.ExplorerHijack.uqW@auMVUbb
Emsisoft: Gen:Trojan.ExplorerHijack.uqW@auMVUbb (B)
TrendMicro: TROJ_GEN.R011C0PLE21
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.ExplorerHijack.uqW@auMVUbb
Jiangmin: Trojan.Generic.hedmk
MaxSecure: Trojan.Malware.300983.susgen
Antiy-AVL: Trojan/Generic.ASMalwS.34E9D76
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.ExplorerHijack.EBC922
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4830703
Acronis: suspicious
VBA32: Malware-Cryptor.Inject.gen
ALYac: Gen:Trojan.ExplorerHijack.uqW@auMVUbb
MAX: malware (ai score=86)
Malwarebytes: Malware.AI.3817056900
TrendMicro-HouseCall: TROJ_GEN.R011C0PLE21
Rising: Trojan.Generic@ML.92 (RDML:MdwEE3hJD0/hnSKQJJKu9g)
Yandex: Trojan.GenKryptik!neebVtqKbyA
Ikarus: Trojan.Win32.Krypt
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKryptik.FOPI!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Win32/GenKryptik.FOPI?

Win32/GenKryptik.FOPI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.