About “Win32/GenKryptik.GHMT” infection

The Win32/GenKryptik.GHMT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/GenKryptik.GHMT virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/GenKryptik.GHMT?


File Info:
name: 825E8A4D67B0F39BD88D.mlw
path: /opt/CAPEv2/storage/binaries/45bb1b20cbc08ed40ad9befa1301871806a9a8aac2583ec302126acc3f811fe9
crc32: A06A7600
md5: 825e8a4d67b0f39bd88de8109fa683dc
sha1: 7db354095c1272de772ac7692e414584b4aab86a
sha256: 45bb1b20cbc08ed40ad9befa1301871806a9a8aac2583ec302126acc3f811fe9
sha512: 27c8319e8612eb2231d67806d5d2033416926767120a36d4f14284041e7a9b97c756b80fd16ff3d607f8f0f884881919e70ee266ea88a3994eb1d8c986eee5a9
ssdeep: 1536:2GIPJmQDREjcA8lvL2c+WKkViLkP3T8hQaAI80QzFTMO+yNM102pbG4HiGTiL:2Nx9REjN8l1nRiQP3T8hgHdxTMnyNMNu
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F9A3BF3FA7040F22EF8312F22AC6FCC1EA1A426B16661594986DDB7D325197DC2773D8
sha3_384: db2a6077ace6cd1057e8f130d7208d9990f84065644abe15e4c0b2783c4a29a5f04392663befc0d58ad9091a00fb0f0b
ep_bytes: b9000000005381e8ad34d22721d08b34
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

Win32/GenKryptik.GHMT also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.fOW@IjyPY!b
FireEye	Generic.mg.825e8a4d67b0f39b
McAfee	Glupteba-FTSD!825E8A4D67B0
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	AI:Packer.E42EBCE31B
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.GHMT
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan.Win32.Convagent.gen
BitDefender	Gen:Trojan.Heur.fOW@IjyPY!b
NANO-Antivirus	Virus.Win32.Gen.ccmw
Tencent	Trojan.Win32.Copak.zd
Sophos	ML/PE-A
F-Secure	Trojan.TR/Crypt.XPACK.Gen
VIPRE	Gen:Trojan.Heur.fOW@IjyPY!b
McAfee-GW-Edition	BehavesLike.Win32.RAHack.nc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Trojan.Heur.fOW@IjyPY!b (B)
SentinelOne	Static AI – Suspicious PE
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=84)
Arcabit	Trojan.Heur.E50B78
ZoneAlarm	VHO:Trojan.Win32.Convagent.gen
GData	Gen:Trojan.Heur.fOW@IjyPY!b
AhnLab-V3	Trojan/Win.FTSD.C5394285
Acronis	suspicious
VBA32	BScope.Trojan.Wacatac
ALYac	Gen:Trojan.Heur.fOW@IjyPY!b
Cylance	unsafe
Rising	Trojan.Kryptik!1.BF57 (CLASSIC)
Fortinet	W32/GenKryptik.CTNW!tr
DeepInstinct	MALICIOUS

How to remove Win32/GenKryptik.GHMT?

Win32/GenKryptik.GHMT removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X