Should I remove “Win32/GenKryptik.GQNN”?

The Win32/GenKryptik.GQNN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/GenKryptik.GQNN virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Punjabi
Authenticode signature is invalid

How to determine Win32/GenKryptik.GQNN?


File Info:
name: 1A2C352F4D5134BA2F90.mlw
path: /opt/CAPEv2/storage/binaries/4f9965ffa4c2eb107233153ec81642cf068f1d1061704081f0c5487e95968307
crc32: 159AD25A
md5: 1a2c352f4d5134ba2f90e7c7bdfd002b
sha1: f7f38f6684c1a2eec575f6011098c0bcfd6dc46e
sha256: 4f9965ffa4c2eb107233153ec81642cf068f1d1061704081f0c5487e95968307
sha512: b293750aeba8a49190d37512b207f79830809d0be7ee64ba1b475bf248dcebedeb08e722cb4ec6bcee5cdb3229aee61c69fe49e136ee10d42d33f3f4cc08a638
ssdeep: 3072:jwm9LOpl7ugrk5s5EoMJUSr5UGpN4EhwiQ8VnYmLPHoxrO7bR:j59yp1/C8ArBpN4EhVfn9HomR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D254E64382F17D45EA768B728F2F86EC772EF1909E59B7691218DE1F14B1072C2A3B11
sha3_384: 51068ad958d90be70ed41ea404b120040ac7ad2e00dcd9e2d93ff42af7c52a256a08e52fbddda9b20180df00468f07ef
ep_bytes: e848210000e978feffff6a0868286042
timestamp: 2023-05-01 03:01:28

Version Info:
FileDescription: Calling
LegalCopyright: Copyright (C) 2022, Crazy
OriginalFilename: Jungle
ProductsVersion: 82.63.22.97
ProductionVersion: 47.50.69.96
Translation: 0x25ac 0x0e92

Win32/GenKryptik.GQNN also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Mokes.m!c
Elastic	malicious (high confidence)
ClamAV	Win.Packer.pkr_ce1a-9980177-0
FireEye	Generic.mg.1a2c352f4d5134ba
Skyhigh	BehavesLike.Win32.Lockbit.dm
McAfee	Artemis!1A2C352F4D51
Sangfor	Ransom.Win32.Save.a
K7AntiVirus	Trojan ( 0056d16b1 )
K7GW	Trojan ( 0056d16b1 )
Cybereason	malicious.684c1a
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/GenKryptik.GQNN
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win32:DropperX-gen [Drp]
Tencent	Trojan.Win32.Obfuscated.gen
Trapmine	malicious.high.ml.score
Sophos	Troj/Krypt-VK
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Dropper.Gen
Google	Detected
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
AhnLab-V3	Downloader/Win.BeamWinHTTP.R520470
VBA32	BScope.Trojan.Yakes
Cylance	unsafe
Rising	Trojan.SmokeLoader!1.EB63 (CLASSIC)
Ikarus	Trojan.Win32.Azorult
Fortinet	W32/GenKryptik.ERHN!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Win32/GenKryptik.GQNN?

Win32/GenKryptik.GQNN removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X