Categories: Malware

Win32/Kryptik.ANLB (file analysis)

The Win32/Kryptik.ANLB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.ANLB virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Attempts to access Bitcoin/ALTCoin wallets
Harvests credentials from local FTP client softwares
Installs WinPCAP
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/Kryptik.ANLB?


File Info:
name: D40BB900B57E87AEF256.mlwpath: /opt/CAPEv2/storage/binaries/35a8c85be2a4bf30292c93eb0990bf6423bae78fb25f809fef4e73651a42ac71crc32: 44D0EC34md5: d40bb900b57e87aef25698f0f8d709ccsha1: 40f13b79578a96bc77ea2fd7811fb93b55468107sha256: 35a8c85be2a4bf30292c93eb0990bf6423bae78fb25f809fef4e73651a42ac71sha512: c47d0afb1aa634a1a8fd8220f11f47b5a3754b40ff5d7069a70f809345c6e9c22afe2add76e9a07a328dd2faab7cb11c50a932b37ddf51fffa663016f65dcfa1ssdeep: 24576:NOPSeVmQY6LGFt6s1z7aqZwkzsxuegBn:UEWGFtBzmibEmntype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T101F42340FF2D729EDA110838C2435EC62BB0766FCDD407E715ED6B2A95229F4859F60Bsha3_384: 93d17969b56c4e70c0ab292d958de2f5ad865ab3a389d7be904f101f264c854c0030cba0149895d21ae224faad08a403ep_bytes: 6affff0424810c24003040000fb70d9atimestamp: 1970-01-01 00:00:00
Version Info:
0: [No Data]

Win32/Kryptik.ANLB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.lmka
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Lethic.B
ALYac	Trojan.VIZ.Gen.1
Cylance	unsafe
VIPRE	Trojan.VIZ.Gen.1
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0040797b1 )
Alibaba	Trojan:Win32/Starter.ali2000005
K7GW	Trojan ( 0040797b1 )
Cybereason	malicious.0b57e8
Baidu	Win32.Trojan.Kryptik.zs
VirIT	Trojan.Win32.FakeAV_s.NC
Cyren	W32/FakeAlert.VZ.gen!Eldorado
Symantec	SecShieldFraud!gen10
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.ANLB
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.Tepfer.bjga
BitDefender	Trojan.VIZ.Gen.1
NANO-Antivirus	Trojan.Win32.Slym.barfpm
ViRobot	Trojan.Win32.Z.Tepfer.788992.D
MicroWorld-eScan	Trojan.VIZ.Gen.1
Avast	Win32:FakeAlert-DAA [Trj]
Tencent	Malware.Win32.Gencirc.13be04c1
Emsisoft	Trojan.VIZ.Gen.1 (B)
F-Secure	Trojan.TR/Winwebsec.gnnaou
DrWeb	BackDoor.Slym.825
Zillya	Trojan.Tepfer.Win32.11512
TrendMicro	BKDR_KELIHOS.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.d40bb900b57e87ae
Sophos	Troj/FakeAV-FWY
SentinelOne	Static AI – Malicious PE
GData	Trojan.VIZ.Gen.1
Jiangmin	Trojan/Tepfer.Gen
Webroot	W32.Trojan.Gen
Avira	TR/Winwebsec.gnnaou
Antiy-AVL	Trojan/Win32.Kryptik
Xcitium	TrojWare.Win32.Kryptik.XXL@4rfof4
Arcabit	Trojan.VIZ.Gen.1
SUPERAntiSpyware	Trojan.Agent/Gen-RogueAV
ZoneAlarm	Trojan-PSW.Win32.Tepfer.bjga
Microsoft	Backdoor:Win32/Kelihos.F
Google	Detected
AhnLab-V3	Trojan/Win32.Tepfer.R40605
Acronis	suspicious
McAfee	FakeAV-SecurityTool.fz
MAX	malware (ai score=99)
VBA32	Trojan.FakeAV.01657
Malwarebytes	Trojan.LameShield
Panda	Adware/SystemTool
TrendMicro-HouseCall	BKDR_KELIHOS.SM
Rising	Rogue.Winwebsec!8.B21 (TFE:2:IZQcUVDdnFG)
Yandex	Trojan.GenAsa!/1sLuhlP+jE
Ikarus	Trojan-PWS.Win32.Tepfer
MaxSecure	Trojan.Malware.4710814.susgen
Fortinet	W32/FakeAlert.B!tr
BitDefenderTheta	Gen:NN.ZexaF.36250.WqW@amAs3fik
AVG	Win32:FakeAlert-DAA [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)