
How to remove “Win32/GenKryptik.GCPY”?


Win32/GenKryptik.GCPY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What Win32/GenKryptik.GCPY virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Tswana
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Win32/GenKryptik.GCPY?
File Info:

name: 86C225A92CF0BB9197B8.mlw
path: /opt/CAPEv2/storage/binaries/2afb93e31e34875da897a60336a485ce9db90669d671d15958747db4661e2ae2
crc32: C83C1B93
md5: 86c225a92cf0bb9197b8337dd4b7a01d
sha1: 68386dd2a3052fc3d55a6182371b42733d52145e
sha256: 2afb93e31e34875da897a60336a485ce9db90669d671d15958747db4661e2ae2
sha512: 41678b0d5d06fd369ab56318e165cbc6bd6937e04b936a0d96f26bc1d7836939b67177dd6a99045233c29e95a7c0b9d6bf24623feab0dd64a106760a3b042d6a
ssdeep: 6144:I2VafeaGvgA9WDR3+O4zdy/EZ4YhVVPE+O1voXc/:X+EvY3+6YDO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18E74AD00FED0D4A6E0BDC5707A25CBE8D639ACB16921D91373786B5F2EB31918F66231
sha3_384: 998c81a8d07ef1e3ec93fd46a9ffa005626ae289e0175f0f62bde209a09801e68a4c3192195292952020cfbd0ecece48
ep_bytes: e8bb430000e978feffff6a0868b80d41
timestamp: 2021-07-27 16:02:58

Version Info:

FileVersions: 37.94.20.18
InternationalName: polgwaoce.iwe
Copyright: Copyright (C) 2022, somoklos
ProjectsVersion: 95.99.51.33

Win32/GenKryptik.GCPY also known as:

Bkav: W32.AIDetect.malware1
FireEye: Generic.mg.86c225a92cf0bb91
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.GCPY
APEX: Malicious
Kaspersky: UDS:Trojan.Win32.Injuke.gen
Cynet: Malicious (score: 100)
Rising: Trojan.Generic@AI.91 (RDML:roVWrfByO4zsyPRnqae/NA)
Sophos: ML/PE-A
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.fh
Trapmine: malicious.high.ml.score
Microsoft: Ransom:Win32/StopCrypt!ml
ZoneAlarm: UDS:Trojan.Win32.Injuke.gen
Acronis: suspicious
VBA32: BScope.Trojan.AET.281105
Cylance: Unsafe
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HHTS!tr
AVG: DropperX-gen [Drp]
Cybereason: malicious.2a3052
Avast: DropperX-gen [Drp]

How to remove Win32/GenKryptik.GCPY?

Win32/GenKryptik.GCPY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
