About “Win32/GenKryptik.GBCO” infection

The Win32/GenKryptik.GBCO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/GenKryptik.GBCO virus can do?

Unconventionial language used in binary resources: Arabic (Algeria)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/GenKryptik.GBCO?


File Info:
name: 4C0B19D174885BFC35D8.mlw
path: /opt/CAPEv2/storage/binaries/7efa2d8e2755246a0cda857335efa94f4c4cded424c9f38cb02122d79f026a3c
crc32: 507A1509
md5: 4c0b19d174885bfc35d86a3299f386c9
sha1: 353dc6c54b576a654ca4433395e517397e8b1348
sha256: 7efa2d8e2755246a0cda857335efa94f4c4cded424c9f38cb02122d79f026a3c
sha512: 6e531dbfdd267503973375f595a21b05b9e40e2435716400693610ea61541a23029819f67db111aa16368a6b34377e0b44482f360741e1012942025c83685abd
ssdeep: 49152:a/tMwqZFe6iRyhJ3jkqQVSfWVXqASv1x1dKO/5t7WGiocfGJDcjQcy20RHrzKgiR:a/tMwXSjL+EnHOMz5ysZA5+bf6c
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13956D05675EBC1A5C85204B509ED97F1093F2A955923886D6FE00E8E0FBF4CB2A6133F
sha3_384: 192b490c1073f62f826008c98050ac5f461dc45c4f59efad47a40a00464ab3c745749299e812abb0bed2ab36705e8a53
ep_bytes: 558bec83c4f0b83c864800e8d4d9f7ff
timestamp: 1992-06-19 22:22:17

Version Info:
CompanyName: S te g  anos Software GmbH
FileDescription: Steganos Shredder
Translation: 0x0409 0x04e4

Win32/GenKryptik.GBCO also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Multi.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.62780860
ALYac	Trojan.GenericKD.62780860
Cylance	Unsafe
VIPRE	Trojan.GenericKD.62780860
Sangfor	Trojan.Win32.Agent.Vqiy
Cybereason	malicious.54b576
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenKryptik.GBCO
APEX	Malicious
ClamAV	Win.Packed.Generickdz-9948392-0
Kaspersky	HEUR:Trojan.Win32.Agentb.gen
BitDefender	Trojan.GenericKD.62780860
Tencent	Win32.Trojan.Agentb.Bujl
Ad-Aware	Trojan.GenericKD.62780860
Emsisoft	Trojan.GenericKD.62780860 (B)
DrWeb	Trojan.DownLoader45.25085
McAfee-GW-Edition	BehavesLike.Win32.Worm.th
FireEye	Generic.mg.4c0b19d174885bfc
GData	Trojan.GenericKD.62780860
Google	Detected
Avira	TR/Kryptik.icmcm
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASMalwS.813F
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R530013
McAfee	GenericRXUK-SU!4C0B19D17488
Malwarebytes	Malware.AI.4281529159
Rising	Trojan.Generic@AI.100 (RDML:tK+enqGLLcOOJQtWX/7y1g)
Ikarus	Trojan.Win32.Rozena
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.FSCS!tr
BitDefenderTheta	Gen:NN.ZelphiF.34726.@J0@aOWqDSdO
AVG	Win32:Evo-gen [Trj]
Avast	Win32:Evo-gen [Trj]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32/GenKryptik.GBCO?

Win32/GenKryptik.GBCO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X