Win32/Kryptik.AETY removal tips

The Win32/Kryptik.AETY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.AETY virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Kryptik.AETY?

File Info:

name: 1F63014560B89F65F034.mlw
path: /opt/CAPEv2/storage/binaries/b28474a8f14804820e795d033134d21962d912b2032efdb49dca153c055f1217
crc32: BAE23D6B
md5: 1f63014560b89f65f034a6e6e8fbd5f6
sha1: 09fcd13df09fd09e82080e5050a28668f26629ca
sha256: b28474a8f14804820e795d033134d21962d912b2032efdb49dca153c055f1217
sha512: 03a71c71ec3008d8d69c35722e437c63b034940e070721f4b1ce1c7711fe352824030f207653cc3d82c10f46753871f282c64604163f6c8e921baaaacb2d68f2
ssdeep: 768:wwbqIUD9a9nQ+a7X58ubZ+Y2nHd4sD4RIwsMkbYY4Y9lGNn8:wwlKXPcYM1cLjkbYY4ian8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14D130A253BB80877F4F7077219F31A749A7FF4210B3449CA2340958E1D25AD9AB377AA
sha3_384: 139d184e5a0b0d4733d3616da162fb0a4f5f9fdb2057639ce874229e9f5a07e3e900b5a163efc9097a8bc89abc1d000a
ep_bytes: 558bec81ec94010000c785e4feffff04
timestamp: 2012-04-25 14:05:43

Version Info (the version resource claims to be Microsoft's Character Map, charmap.exe, but the Authenticode signature is invalid, as noted in the behaviours above, so this claimed identity should not be trusted):

CompanyName: Microsoft Corporation
FileDescription: Character Map
FileVersion: 5.00.2134.1
InternalName: charmap.exe
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename: charmap.exe
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1
Translation: 0x0409 0x04b0

Win32/Kryptik.AETY is also known as:

Lionic: Trojan.Win32.Generic.lw2L
DrWeb: Trojan.Packed.2376
MicroWorld-eScan: Gen:Variant.Downloader.127
FireEye: Generic.mg.1f63014560b89f65
CAT-QuickHeal: Trojan.Karagany.G
ALYac: Gen:Variant.Downloader.127
Cylance: Unsafe
VIPRE: Gen:Variant.Downloader.127
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 003906c71 )
K7GW: Trojan-Downloader ( 003906c71 )
Cybereason: malicious.560b89
Cyren: W32/Karagany.L.gen!Eldorado
Symantec: Packed.Generic.362
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.AETY
APEX: Malicious
TrendMicro-HouseCall: TROJ_KGANY.SMK
Paloalto: generic.ml
Kaspersky: Packed.Win32.Krap.iu
BitDefender: Gen:Variant.Downloader.127
NANO-Antivirus: Trojan.Win32.Plosa.qieuh
Avast: Win32:Downloader-ODT [Trj]
Tencent: Win32.Trojan.Falsesign.Eaxn
Ad-Aware: Gen:Variant.Downloader.127
Sophos: ML/PE-A + Mal/BadCert-Gen
Comodo: TrojWare.Win32.Kryptik.ASR@4oc4x0
Baidu: Win32.Adware.Kryptik.b
Zillya: Trojan.Kryptik.Win32.835582
TrendMicro: TROJ_KGANY.SMK
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Downloader.127 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Downloader.127
Webroot: W32.Rogue.Gen
Google: Detected
Avira: TR/Downloader.Gen8
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.4
ZoneAlarm: Packed.Win32.Krap.iu
Microsoft: TrojanDownloader:Win32/Karagany.I
Cynet: Malicious (score: 100)
AhnLab-V3: Downloader/Win32.Plosa.R23954
McAfee: PWS-Zbot.gen.bew
VBA32: BScope.Trojan-Downloader.61205
Malwarebytes: Malware.AI.2297916656
Rising: Downloader.Agent!1.6727 (CLASSIC)
Ikarus: Packer.Win32.Krap
MaxSecure: Trojan.Packed.Krap.iu
Fortinet: W32/ZBOT.HL!tr
AVG: Win32:Downloader-ODT [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.AETY?

Win32/Kryptik.AETY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.