What is “Win32/GenKryptik.FZNB”?

The Win32/GenKryptik.FZNB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/GenKryptik.FZNB virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/GenKryptik.FZNB?


File Info:
name: DD0D6E34A9AC9CCBF848.mlw
path: /opt/CAPEv2/storage/binaries/c5e1ad422b3079df3bf73456985966161c521acf3de162b548815ab0190b5c3e
crc32: DAFEB470
md5: dd0d6e34a9ac9ccbf848c8bdfbe31ae7
sha1: c0a2af8dbd786aab13151f06764320a2b0e75d4d
sha256: c5e1ad422b3079df3bf73456985966161c521acf3de162b548815ab0190b5c3e
sha512: 6310d9e2397e853159a5997dcd25d9b3730c9d692b685cc786382e9b5069719b1dc1b1d3089cd1aaad462f4f3bc2e687559d432454172ff233cb253b2033ced2
ssdeep: 24576:YX1V9zN/SzOdsqvjT9+3WBzXzQBWg+OVukOwt2bifNcCQ1N5DWNR/fnPWn:YdvjE3WBzXzQggyiNcCCqy
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T109456D64E78380F0E92315F0104BFFFBDA30562A4431CD6BEAC9CE51FAB2D926665275
sha3_384: e9c6e67c161a13d2e13a08c7dfa318ca073a7846a11a4c2057ee5ba1fea482a3bf87433302a9098edeb1c658591e10f7
ep_bytes: c7056050530000000000e9b1fcffff90
timestamp: 2022-09-03 10:37:27

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Displays NIC MAC information
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
InternalName: GetMac.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: GetMac.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1
Translation: 0x0409 0x04b0

Win32/GenKryptik.FZNB also known as:

MicroWorld-eScan	Gen:Variant.Babar.98252
FireEye	Generic.mg.dd0d6e34a9ac9ccb
McAfee	GenericRXUB-MI!DD0D6E34A9AC
Sangfor	Trojan.Win32.Agent.V36a
K7AntiVirus	Trojan ( 005979b31 )
Alibaba	Trojan:Win32/GenKryptik.2d4943e4
K7GW	Trojan ( 005979b31 )
CrowdStrike	win/malicious_confidence_90% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenKryptik.FZNB
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Gen:Variant.Babar.98252
Avast	Win32:CrypterX-gen [Trj]
Ad-Aware	Gen:Variant.Babar.98252
DrWeb	Trojan.PWS.Stealer.32832
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Babar.98252 (B)
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Babar.98252
Avira	TR/Kryptik.epdqr
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASMalwS.5123
Arcabit	Trojan.Babar.D17FCC
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
AhnLab-V3	Infostealer/Win.RedLine.R513520
ALYac	Gen:Variant.Babar.98252
VBA32	BScope.TrojanPSW.RedLine
Malwarebytes	Malware.AI.4168729592
TrendMicro-HouseCall	TROJ_GEN.R002H09I322
Rising	Trojan.Kryptik!8.8 (TFE:5:VjxjjwM7beD)
Ikarus	Win32.Outbreak
Fortinet	W32/PossibleThreat
AVG	Win32:CrypterX-gen [Trj]

How to remove Win32/GenKryptik.FZNB?

Win32/GenKryptik.FZNB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X