
What is “Win32/Kryptik.ACLH”?


Win32/Kryptik.ACLH is the ESET-NOD32 detection name for this sample, and nearly every other vendor that scanned it also flags it as malicious (the other names are listed further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case we advise scanning your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can the Win32/Kryptik.ACLH virus do?

The CAPE sandbox run on the sample flagged the following behaviours:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files
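Two of the flagged behaviours, the ping -n delay and deleting the executed file, commonly come from a single cmd.exe one-liner of the form ping -n N 127.0.0.1 > nul & del "<path>", and the proxy change from edits to the WinINet Internet Settings registry keys. The following is an added example written for this page, not code from the page, from CAPE or from any vendor: it runs detection logic for both patterns over constructed Sysmon-style process-creation events (every PID, path and command line below is made up). It only raises the self-delete verdict when the deleted path equals the parent process image, so an administrator's plain ping -n does not fire.

```python
import re

# Constructed process-creation events (Sysmon-like fields). Not telemetry from the
# page's sandbox run; PIDs, paths and command lines are invented for the example.
EVENTS = [
    {"pid": 1234, "ppid": 900, "image": r"C:\Users\lab\AppData\Local\Temp\sample.exe",
     "cmdline": r'"C:\Users\lab\AppData\Local\Temp\sample.exe"'},
    # dropper spawns cmd.exe to wait a few seconds and then erase the dropper itself
    {"pid": 1300, "ppid": 1234, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping -n 5 127.0.0.1 > nul & del "C:\Users\lab\AppData\Local\Temp\sample.exe"'},
    {"pid": 1310, "ppid": 1300, "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping -n 5 127.0.0.1"},
    # dropper points WinINet at a local proxy
    {"pid": 1400, "ppid": 1234, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 127.0.0.1:8080 /f'},
    # benign: an admin checking a host with a repeat count, no deletion involved
    {"pid": 2000, "ppid": 1900, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ping -n 4 fileserver.corp.example"},
]

# ping ... -n <count> within one command segment (stop at & or | so a later segment is not consumed)
PING_DELAY = re.compile(r"\bping(?:\.exe)?\b[^&|]*?-n\s+(\d+)", re.I)
# del/erase [/switches] <target>, target may be quoted; ends at end-of-line, & or |
DEL_CMD = re.compile(r"\b(?:del|erase)\s+(?:/[a-z]\s+)*\"?([^\"&|]+?)\"?\s*(?:$|&|\|)", re.I)
# WinINet proxy configuration values under the Internet Settings key
PROXY_SETTING = re.compile(r"Internet Settings.*?\b(ProxyServer|ProxyEnable|AutoConfigURL)\b", re.I)


def find_self_delete(events):
    """Flag 'ping -n N ... & del <file>' one-liners; set self_delete when the
    deleted path is the parent process image (the dropper erasing itself)."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        cmd = e["cmdline"]
        ping, dele = PING_DELAY.search(cmd), DEL_CMD.search(cmd)
        if not (ping and dele):
            continue
        target = dele.group(1).strip().strip('"').lower()
        parent = by_pid.get(e["ppid"])
        hits.append({
            "pid": e["pid"],
            "delay_s": int(ping.group(1)),
            "deleted": target,
            "self_delete": parent is not None and parent["image"].lower() == target,
        })
    return hits


def find_proxy_changes(events):
    """Return (pid, setting) for command lines that touch the WinINet proxy values."""
    out = []
    for e in events:
        m = PROXY_SETTING.search(e["cmdline"])
        if m:
            out.append((e["pid"], m.group(1)))
    return out


if __name__ == "__main__":
    for hit in find_self_delete(EVENTS):
        print("delayed delete:", hit)
    for pid, setting in find_proxy_changes(EVENTS):
        print("proxy change: pid=%d value=%s" % (pid, setting))
```

The parent-image comparison is the part that matters: ping -n on its own is a normal administrative command, and a delete on its own is too. Only the combination, aimed at the process that launched the shell, is the self-removal pattern the sandbox describes.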

How to identify Win32/Kryptik.ACLH?

File Info:

name: 4D18BAC44DD643A893B9.mlw
path: /opt/CAPEv2/storage/binaries/583054789f8f14470615dd4b734703cea4002b16c7bc3a9a84b4993050aa5b2b
crc32: 02C3B4A4
md5: 4d18bac44dd643a893b963ba4af7d198
sha1: 4fb1c2430af2eca435ff88f02ea011963b2a5658
sha256: 583054789f8f14470615dd4b734703cea4002b16c7bc3a9a84b4993050aa5b2b
sha512: adf4c3e41fb8bc4bf097aa9aaf0ae274cf9ac43dc932fb43087455dfa92ba104fb546099ad56d82f1e76ade15bbecba2f72fcfa55450afa99df3bc2634fcc5d3
ssdeep: 384:L7IedR8xIfo6NjlXtaMcXVJymIuWGPZhh4WWieZWjHv:L7IeLUERtg0uWGPZhhdecv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12BA22A421EF70CD7F842257634FACE0182A16270067A9E530AA47D8D19A968F773A3E9
sha3_384: 8178ad7e4bf2d2deab800161fa8621e000baa6da83c214c4966c4420063d666d54bf265439914a4fee56eb7ef825d1a9
ep_bytes: 558bec81ec9c010000c785ecfeffff04
timestamp: 2012-03-30 05:59:04

Version Info (the resource block claims to be Microsoft's WINHLP32.EXE stub; since the sandbox found the file's Authenticode signature invalid, treat these fields as spoofed):

CompanyName: Microsoft Corporation
FileDescription: Windows Winhlp32 Stub
FileVersion: 5.00.2134.1
InternalName: WINHSTB
LegalCopyright: Copyright (C) Microsoft Corp. 1991-1996
OriginalFilename: WINHLP32.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1
Translation: 0x0409 0x04b0
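The File Info block reports a PE32 image, the behaviour list flags both overlay data and an invalid Authenticode signature, and the Version Info claims a Microsoft binary. The example below is added for this page and is not code from the page or from CAPE: a minimal PE parser that locates the overlay, finds the certificate table (data directory entry 4) and checks that the WIN_CERTIFICATE header is structurally sound, so that a signature appended after the last section is not mistaken for packer overlay. It builds its own constructed PE32 blobs (one section, fake certificate payload) so it runs offline. Structural well-formedness is not cryptographic validity: to reproduce the sandbox's "signature is invalid" verdict you still need a real verifier such as Get-AuthenticodeSignature in PowerShell, signtool verify /pa, or osslsigncode verify.

```python
import struct
from typing import Optional

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot holding the Authenticode table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # wCertificateType used by Authenticode (PKCS#7)


def analyze_pe(data: bytes) -> dict:
    """Locate overlay data and the Authenticode certificate table in a PE image.

    Structural checks only: the PKCS#7 blob is not parsed or verified, so a
    well-formed table can still be cryptographically invalid.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: data directories start 96 bytes into the optional header
        dd_off, hdr_size_off = opt + 96, opt + 60
    elif magic == 0x20B:     # PE32+: ImageBase is 8 bytes, so everything after it shifts
        dd_off, hdr_size_off = opt + 112, opt + 64
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_headers = struct.unpack_from("<I", data, hdr_size_off)[0]
    num_rva = struct.unpack_from("<I", data, dd_off - 4)[0]
    cert_off = cert_len = 0
    if num_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # for the security directory the "VirtualAddress" field is a raw file offset
        cert_off, cert_len = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    # overlay begins where the last section's raw data ends (or after the headers)
    sect = opt + opt_size
    data_end = size_of_headers
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + 40 * i + 16)
        data_end = max(data_end, raw_ptr + raw_size)
    overlay_size = max(0, len(data) - data_end)

    sig_present = cert_len > 0
    sig_well_formed = False
    if sig_present and cert_len >= 8 and cert_off + cert_len <= len(data):
        dw_length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
        sig_well_formed = (dw_length == cert_len
                           and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
                           and revision in (0x0100, 0x0200))
    sig_in_overlay = sig_present and cert_off >= data_end
    return {
        "overlay_offset": data_end,
        "overlay_size": overlay_size,
        "has_authenticode": sig_present,
        "authenticode_well_formed": sig_well_formed,
        # bytes beyond the sections that are not the signature table: packer/config payload candidates
        "overlay_excluding_signature": max(0, overlay_size - cert_len) if sig_in_overlay else overlay_size,
    }


def build_sample_pe(overlay: bytes = b"", cert_payload: Optional[bytes] = None) -> bytes:
    """Constructed minimal PE32 (one .text section) for testing; not the page's sample."""
    FILE_ALIGN = 0x200
    sect_data_off = FILE_ALIGN                     # .text raw data at 0x200..0x400
    sect_end = sect_data_off + FILE_ALIGN
    cert = b""
    cert_off = 0
    if cert_payload is not None:                   # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType
        cert = struct.pack("<IHH", 8 + len(cert_payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_payload
        cert_off = sect_end + len(overlay)         # signature sits after any other overlay data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)     # i386, 1 section, 224-byte optional header
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, FILE_ALIGN, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, FILE_ALIGN,
                       4, 0, 0, 0, 4, 0, 0, 0x2000, FILE_ALIGN, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(cert))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", FILE_ALIGN, 0x1000, FILE_ALIGN, sect_data_off,
                                         0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    headers += b"\0" * (FILE_ALIGN - len(headers))
    return headers + b"\xC3" * FILE_ALIGN + overlay + cert


if __name__ == "__main__":
    for label, blob in [("clean", build_sample_pe()),
                        ("overlay only", build_sample_pe(overlay=b"\x90" * 1000)),
                        ("overlay + signature", build_sample_pe(b"CFG" * 10, b"\x30\x82fake-pkcs7"))]:
        print(label, analyze_pe(blob))
```

Sophos's name for this file, Mal/BadCert-Gen, describes the same situation the parser separates out: a certificate table is present (the resource block says Microsoft), yet the signature does not verify. Run the structural check first to know where the overlay and the table are, then hand the file to a real verifier for the chain and hash check.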

Win32/Kryptik.ACLH is also known as (vendor: detection name; most vendors classify the file as a trojan downloader, typically Plosa or Karagany, a few as Zbot):

Lionic: Trojan.Win32.Zbot.ltTN
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Downloader.127
ClamAV: Win.Trojan.Downloader-52490
FireEye: Generic.mg.4d18bac44dd643a8
Skyhigh: PWS-Zbot.gen.bew
McAfee: PWS-Zbot.gen.bew
Malwarebytes: Malware.AI.2503314954
VIPRE: Gen:Variant.Downloader.127
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 003906c71 )
Alibaba: TrojanDownloader:Win32/Plosa.4ab9f8bb
K7GW: Trojan-Downloader ( 003906c71 )
Cybereason: malicious.30af2e
VirIT: Trojan.Win32.Plosa.FJB
Symantec: Packed.Generic.362
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.ACLH
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Plosa.fjb
BitDefender: Gen:Variant.Downloader.127
NANO-Antivirus: Trojan.Win32.Plosa.cruijn
Avast: Win32:Agent-AOHK [Spy]
Tencent: Malware.Win32.Gencirc.10b4dc6e
Emsisoft: Gen:Variant.Downloader.127 (B)
F-Secure: Trojan.TR/Dldr.Karagany.IC
DrWeb: Trojan.DownLoad3.5546
Zillya: Downloader.Plosa.Win32.191
TrendMicro: TROJ_FAKEAV.SMFY
Sophos: Mal/BadCert-Gen
Ikarus: Trojan-Downloader.Win32.Plosa
Jiangmin: TrojanDownloader.Plosa.co
Webroot: W32.Downloader.Gen
Google: Detected
Avira: TR/Dldr.Karagany.IC
Antiy-AVL: Trojan[Downloader]/Win32.Plosa
Kingsoft: malware.kb.a.998
Microsoft: TrojanDownloader:Win32/Karagany.I
Xcitium: TrojWare.Win32.Kazy.FOF@4pekmj
Arcabit: Trojan.Downloader.127
ZoneAlarm: Trojan-Downloader.Win32.Plosa.fjb
GData: Gen:Variant.Downloader.127
Varist: W32/Karagany.L.gen!Eldorado
AhnLab-V3: Trojan/Win32.Plosa.R24487
ALYac: Gen:Variant.Downloader.127
MAX: malware (ai score=100)
VBA32: TrojanDownloader.Plosa
Cylance: unsafe
Panda: Trj/Hexas.HEU
TrendMicro-HouseCall: TROJ_FAKEAV.SMFY
Rising: Downloader.Agent!1.673E (CLASSIC)
Yandex: Trojan.DL.Plosa!kW8OGsLFhOE
MaxSecure: Trojan.Packed.Krap.iu
Fortinet: W32/ZBOT.HL!tr
AVG: Win32:Agent-AOHK [Spy]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.ACLH?

Win32/Kryptik.ACLH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
