Win32/GenKryptik.GNNJ (file analysis)

The Win32/GenKryptik.GNNJ detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Win32/GenKryptik.GNNJ virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/GenKryptik.GNNJ?

File Info:

name: 8381936A82AC5C9BE560.mlw
path: /opt/CAPEv2/storage/binaries/c39a2ba4726b0d2eb79e36a535d684327b220dccb5dde1eb232768db1576416c
crc32: 42757431
md5: 8381936a82ac5c9be560dcbb5498abca
sha1: 967b4ac3358f143198baecbc131134cd18b48384
sha256: c39a2ba4726b0d2eb79e36a535d684327b220dccb5dde1eb232768db1576416c
sha512: 119afcf1a0f13c3271dcc84874ac8a706eaf5e897ba6916fb5286446465d88b8e8b450ddaec8960bc1f26c4e8c33a3ea4c48817ee80a503a0f4142697585b972
ssdeep: 12288:kRh2WLmj4fgv3wTEzLCiw5QHtcWDgwF6z2V7QXoEg8Fw4+VBPMASismHmEx8XcsY:lG55IDaw4iVMasmHiFZ+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B056D217495E12EC0B75EB59929CBF968386F611E61A8D3BAC03E5D3F71983C03532B
sha3_384: 7ed4829b3c1a1d9bcdf8dd5bee74c9ccd1da157ad2a7a8095278d4549e804c5f021bd09f54defefaf88474a63d454162
ep_bytes: 64a100000000558bec6aff6810334500
timestamp: 2000-11-09 07:04:40

Version Info:

CompanyName: Design Science, Inc.
FileDescription: Microsoft Equation Editor
FileVersion: 00110900
InternalName: Equation Editor
LegalCopyright: Copyright © Design Science, Inc. 1990-2000
LegalTrademarks:
OriginalFilename: EQNEDT32.EXE
ProductName: Microsoft Equation Editor
ProductVersion: 3.1
Translation: 0x0409 0x04e4

Win32/GenKryptik.GNNJ also known as:

  • Bkav: W32.AIDetectMalware
  • MicroWorld-eScan: Gen:Variant.Doina.63205
  • FireEye: Generic.mg.8381936a82ac5c9b
  • CrowdStrike: win/malicious_confidence_70% (D)
  • Cyren: W32/Convagent.DQ.gen!Eldorado
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/GenKryptik.GNNJ
  • Cynet: Malicious (score: 100)
  • BitDefender: Gen:Variant.Doina.63205
  • NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
  • Avast: Win32:Evo-gen [Trj]
  • Emsisoft: Gen:Variant.Doina.63205 (B)
  • VIPRE: Gen:Variant.Doina.63205
  • GData: Gen:Variant.Doina.63205
  • Antiy-AVL: Trojan/Win32.Wacatac
  • Arcabit: Trojan.Doina.DF6E5
  • ZoneAlarm: HEUR:Backdoor.Win32.Convagent.gen
  • Microsoft: Program:Win32/Wacapew.C!ml
  • Google: Detected
  • AhnLab-V3: Malware/Win.Generic.C5482099
  • ALYac: Gen:Variant.Doina.63205
  • MAX: malware (ai score=82)
  • Cylance: unsafe
  • Fortinet: W32/GenKryptik.GNNJ!tr
  • AVG: Win32:Evo-gen [Trj]
  • DeepInstinct: MALICIOUS

How to remove Win32/GenKryptik.GNNJ?

Win32/GenKryptik.GNNJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.