Win32/GenKryptik.GCXD removal guide

Win32/GenKryptik.GCXD is ESET's detection name for the packed executable analysed below; other engines flag the same file under different names (see the alias list further down), and the CAPE sandbox attributes it to the Tofsee family. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/GenKryptik.GCXD virus do?

The following behaviours were flagged by the CAPE sandbox when the sample was executed:

  • Behavioural detection: executable code extraction (unpacking)
  • Executed a command line with a /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • YARA rule detections observed on a process memory dump, dropped files or CAPE-extracted content
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Rhaeto-Romance
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the Tofsee malware family
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
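
Two of the items above (a command shell launched with /C or /R, and deletion of the executed file) can be hunted for in process-creation telemetry. The script below is an added example, not code from the original page or from CAPE; the events it scans are constructed to mimic the fields of a Sysmon Event ID 1 record and are not taken from the real sample. The file name dropper.exe and the paths in them are placeholders.

```python
"""Flag cmd.exe /C or /R launches, deletions inside them, and the self-delete case
where the deleted file is the parent process's own image.
Added example; EVENTS below are constructed, not real telemetry."""
import re

# Constructed process-creation events (Sysmon Event ID 1 field names), not real data.
EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",                 # interactive shell, benign
     "CommandLine": r'"C:\Windows\System32\cmd.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",                 # parent deletes itself
     "CommandLine": r'cmd.exe /c del /q "C:\Users\user\AppData\Local\Temp\dropper.exe"',
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropper.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",                 # deletes an unrelated file
     "CommandLine": r"cmd.exe /C del C:\Temp\old.log",
     "ParentImage": r"C:\Program Files\Backup\backup.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",                 # delayed self-delete via /R
     "CommandLine": r'cmd.exe /r ping 127.0.0.1 -n 5 > nul & del "C:\Users\user\AppData\Local\Temp\dropper.exe"',
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropper.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",  # out of scope
     "CommandLine": r"powershell.exe -c Remove-Item C:\Temp\old.log",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# /C or /R as a stand-alone switch; cmd.exe accepts either case.
CMD_SWITCH = re.compile(r"(?:^|\s)/[cCrR](?=\s|$)")
# cmd.exe's built-in deletion verbs.
DELETE_VERB = re.compile(r"(?i)\b(?:del|erase)\b")


def basename(path):
    """Last path component, lower-cased, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def shell_findings(ev):
    """Return the indicators one event triggers, most generic first."""
    findings = []
    if basename(ev.get("Image", "")) != "cmd.exe":
        return findings            # only the Windows command shell is in scope here
    cmdline = ev.get("CommandLine", "")
    if not CMD_SWITCH.search(cmdline):
        return findings
    findings.append("cmd_c_or_r")
    if DELETE_VERB.search(cmdline):
        findings.append("delete_in_shell")
        # Self-deletion: the parent's own image name appears in the delete command.
        parent = basename(ev.get("ParentImage", ""))
        if parent and parent in cmdline.lower():
            findings.append("deletes_parent_image")
    return findings


def scan(events):
    """List (index, findings) for every event that triggers at least one indicator."""
    return [(i, f) for i, ev in enumerate(events) if (f := shell_findings(ev))]


if __name__ == "__main__":
    for i, f in scan(EVENTS):
        print(i, EVENTS[i]["CommandLine"], "->", ", ".join(f))
```

The first indicator alone is noisy (installers and scripts use cmd /C constantly); the combination with a delete verb that names the parent image is what separates the self-cleaning dropper pattern from routine administration.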

How to identify Win32/GenKryptik.GCXD?

The sample analysed by CAPE has the identifiers below. Match a suspect file by its hashes rather than by name: the name shown is the sandbox's storage name (derived from the MD5), not the name the file had on a victim machine.

File Info:

name: E99252F9AC9E15E7AC4A.mlw
path: /opt/CAPEv2/storage/binaries/829ba4941f9f57c218e9b90a91302ca77375e657566a80fa493561d795c026a6
crc32: FB7619D4
md5: e99252f9ac9e15e7ac4a12092037f88f
sha1: ea29a92f68d5a5bd8bdd0b86fd53d664ab85d7f7
sha256: 829ba4941f9f57c218e9b90a91302ca77375e657566a80fa493561d795c026a6
sha512: 627fe681436e7a288468fb6a6aacd382cd8676a4b854ac86bd25bb3127d16534b45f28761184f5690d0f4d4ba34962d7e0828e7d5c75628b91bfb2cee3a571f8
ssdeep: 12288:LK+gxEIZYZFGYPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPH:LK+gxEIZaFG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15BE67C958FE06D9AD4FB06B49A638F71C3BD9C86E1D12BA23840DC0C3CB49856E53DB5
sha3_384: ae6fa561629519c0f5cbce826d91473e42914e7aa91f572018b4372cd83d13cd3f9357f2ff4a5c1a9603a91dcf02ba75
ep_bytes: e8605f0000e978feffffcccccccccccc
timestamp: 2022-01-29 20:21:23 (PE header TimeDateStamp; easily forged, so do not rely on it)

Version Info:

Translations: 0x0580 0x00ae
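
The hash comparison that identification by the File Info block amounts to, as an added example (not code from the original page, from GridinSoft or from CAPE). It recomputes the digests the report lists, compares all of them with the published values, and reads the two header fields the report shows as timestamp (PE TimeDateStamp) and ep_bytes (first 16 bytes at the entry point). Standard library only; ssdeep and tlsh are not recomputed because they need third-party libraries, and the toy PE built at the end is constructed for a self-test and is not the real sample.

```python
"""Recompute the digests and PE header fields listed in the File Info block and
compare them against the published values. Added example; build_toy_pe() makes a
constructed minimal PE32 for self-testing, not the real sample."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Digests published in the report above (lower-case hex).
KNOWN = {
    "crc32": "fb7619d4",
    "md5": "e99252f9ac9e15e7ac4a12092037f88f",
    "sha1": "ea29a92f68d5a5bd8bdd0b86fd53d664ab85d7f7",
    "sha256": "829ba4941f9f57c218e9b90a91302ca77375e657566a80fa493561d795c026a6",
    "sha512": "627fe681436e7a288468fb6a6aacd382cd8676a4b854ac86bd25bb3127d16534b45f28761184f5690d0f4d4ba34962d7e0828e7d5c75628b91bfb2cee3a571f8",
    "sha3_384": "ae6fa561629519c0f5cbce826d91473e42914e7aa91f572018b4372cd83d13cd3f9357f2ff4a5c1a9603a91dcf02ba75",
}


def digests(data):
    """All digests the report lists, as lower-case hex."""
    out = {name: hashlib.new(name, data).hexdigest()
           for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return out


def matches_known(data, known=KNOWN):
    """Per-algorithm match so that one weak hash (md5, crc32) never decides alone."""
    d = digests(data)
    return {k: d[k] == v.lower() for k, v in known.items()}


def pe_summary(data):
    """PE TimeDateStamp (UTC) and first 16 entry-point bytes, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B PE32, 0x20B PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    # Map the entry RVA to a file offset through the section table.
    sect = opt + opt_size
    ep_off = None
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    return {
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
    }


def build_toy_pe(stamp=1643487683, ep=bytes.fromhex("e8605f0000e978feffffcccccccccccc")):
    """Constructed minimal PE32 with one .text section (NOT the real sample); it
    reuses the report's timestamp and entry bytes so the parser can be checked."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)
    opt += b"\0" * (0xE0 - len(opt))
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x100, 0x1000, 0x200, 0x200) + b"\0" * 16
    hdr = dos + b"PE\0\0" + coff + opt + sect
    hdr += b"\0" * (0x200 - len(hdr))
    return hdr + ep + b"\0" * (0x200 - len(ep))


def check_file(path):
    """Read one file and report which published hashes it matches plus header facts."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"matches": matches_known(data), "pe": pe_summary(data)}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: identify.py <file>")
    print(check_file(sys.argv[1]))
```

A file that matches sha256 and sha512 is the analysed sample; a file that matches only md5 or crc32 deserves suspicion of a collision rather than a positive identification. A repacked or re-signed build of the same family will match none of them, which is why the behavioural indicators above still matter.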

Win32/GenKryptik.GCXD also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader45.34524
FireEye: Generic.mg.e99252f9ac9e15e7
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0059b9cf1 )
K7GW: Trojan ( 0059b9cf1 )
Cybereason: malicious.f68d5a
Cyren: W32/Kryptik.ICN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/GenKryptik.GCXD
APEX: Malicious
TrendMicro-HouseCall: Mal_Tofsee
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
Avast: Win32:BotX-gen [Trj]
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.tm
Trapmine: malicious.moderate.ml.score
SentinelOne: Static AI – Suspicious PE
Google: Detected
Avira: TR/Crypt.EPACK.Gen2
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
Rising: Malware.Obscure!1.A3BB (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:BotX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

Most of these are generic, heuristic or machine-learning verdicts rather than family names, and the family-specific labels do not agree with each other, so the Tofsee attribution rests on the sandbox result rather than on engine consensus.

How to remove Win32/GenKryptik.GCXD?

Win32/GenKryptik.GCXD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.