Win32/Kryptik.ASXB (file analysis)

Malware Removal

Win32/Kryptik.ASXB is flagged as malicious by many antivirus engines. Kryptik is ESET's generic detection name for packed or obfuscated executables, so the label describes the packing rather than a specific family; the sandbox behaviour listed below shows what this particular sample actually does. While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and can damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal; it lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.ASXB virus do?

The following behaviours were reported by the CAPE sandbox for the analysed sample:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Exhibits behavior characteristic of Kelihos malware
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests credentials from local FTP client software
  • Installs WinPCAP

How to identify Win32/Kryptik.ASXB?

File Info:

name: 164257195268149975F9.mlw
path: /opt/CAPEv2/storage/binaries/48fa91dadcb7c3a4898e5a9fb4fefe529f54a06a20a55519587bbd07730f2f3b
crc32: 38C45F12
md5: 164257195268149975f959a888bc7f2c
sha1: 0971f0701d74cabf00001b59b63a29400dc64443
sha256: 48fa91dadcb7c3a4898e5a9fb4fefe529f54a06a20a55519587bbd07730f2f3b
sha512: 4c1b6c393ddb89fc0254abbdc74f60966bd70b378dd7551a49e7bae42175318e30a5850bef26398f745155d949b9aff2a25800480cce78e66b6f1da283a633e1
ssdeep: 24576:tNmQ2OY0Dp+JgWMARqiGQcz1UlpoRv+u:tNmQ2J0MqBARqhQcz1UlpoYu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18A0533C18277DD39D4692C7007CD3AB976CBC988913ED7489B8130C5626AACDC97AEC7
sha3_384: 7d30a8b8dd5e8bea8f4d50313255817613504d7a5c64669b6dc95c192dcd4792df0b7fe532a7eba77a33a1eedc95ef30
ep_bytes: 558bec83ec78ba5700000083eaee8955
timestamp: 2012-05-07 10:55:35

Version Info:

CompanyName: zoPJSqBzR
FileDescription: W2vImut
FileVersion: 44.249.4743.45733
InternalName: 6WACyU
OriginalFilename: B2A766lhevAM2
ProductName: tFOn
ProductVersion: 32.194.2791.42370
Translation: 0x0409 0x04b0
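
The File Info block above is what lets an analyst confirm that a file on disk is this exact sample, and the "encrypted or compressed data" indicator in the behaviour list is usually confirmed by measuring entropy. The script below is an added example, not GridinSoft's or CAPE's code: it computes the same digests the page lists (crc32, md5, sha1, sha256, sha512; ssdeep and tlsh need third-party libraries and are left out), parses the PE headers with only the standard library to recover the compile timestamp and the first 16 entry-point bytes, and scores file entropy. The PE returned by build_sample_pe() is constructed here so the script runs offline; it is not the analysed sample, it merely carries the page's ep_bytes and timestamp so the parser can be checked against known values.

```python
import hashlib
import math
import struct
import zlib
from datetime import datetime, timezone

# Hashes copied from the File Info block on this page.
KNOWN_IOCS = {
    "md5": "164257195268149975f959a888bc7f2c",
    "sha1": "0971f0701d74cabf00001b59b63a29400dc64443",
    "sha256": "48fa91dadcb7c3a4898e5a9fb4fefe529f54a06a20a55519587bbd07730f2f3b",
}


def file_hashes(data: bytes) -> dict:
    """Same digests the page lists: crc32 as upper-case hex, the rest lower-case."""
    out = {name: hashlib.new(name, data).hexdigest()
           for name in ("md5", "sha1", "sha256", "sha512")}
    out["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return out


def match_iocs(data: bytes, known: dict = KNOWN_IOCS) -> list:
    """Names of the known hashes that the file matches (empty list means no match)."""
    got = file_hashes(data)
    return [name for name, value in known.items() if got.get(name) == value.lower()]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted payloads sit near 8.0, plain x86 code lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_metadata(data: bytes, ep_len: int = 16) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table,
    then map AddressOfEntryPoint to a file offset and read the bytes there."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10b = PE32, 0x20b = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rawsize, rawptr))

    def rva_to_offset(rva):
        for _, vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + (rva - va)
        raise ValueError("entry point RVA %#x is not inside any section" % rva)

    ep_off = rva_to_offset(ep_rva)
    return {
        "machine": hex(machine),
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": ep_rva,
        "ep_bytes": data[ep_off:ep_off + ep_len].hex(),
        "sections": [s[0] for s in sections],
    }


def build_sample_pe(ep_bytes: bytes = bytes.fromhex("558bec83ec78ba5700000083eaee8955"),
                    timestamp: str = "2012-05-07 10:55:35") -> bytes:
    """Constructed minimal PE32 with one .text section; only for offline testing."""
    ts = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)   # i386, 1 section, 224-byte opt hdr
    # Magic, linker ver, SizeOfCode, init/uninit data, EntryPoint, BaseOfCode, BaseOfData,
    # ImageBase, SectionAlignment, FileAlignment; the rest of the header is zero-padded.
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 9, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200)
    opt += b"\0" * (224 - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    headers += b"\0" * (0x200 - len(headers))
    return headers + ep_bytes + b"\0" * (0x200 - len(ep_bytes))


if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample), pe_metadata(sample))
    print("entropy %.2f, IOC matches %s" % (shannon_entropy(sample), match_iocs(sample)))
```

Run it against a real file by replacing build_sample_pe() with open(path, "rb").read(). A hash match confirms this exact binary only: Kryptik-class samples are repacked per campaign, so the md5/sha1/sha256 above will not catch siblings, which is why the page also lists ssdeep and tlsh. The entry-point bytes and timestamp are useful pivots, but note that a compile timestamp in the PE header is attacker-controlled and can be forged.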

Win32/Kryptik.ASXB is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.29555
ALYac: Gen:Variant.Razy.29555
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f4771 )
K7GW: Trojan ( 0040f4771 )
Cybereason: malicious.952681
Cyren: W32/Kazy.V.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.ASXB
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.29555
NANO-Antivirus: Trojan.Win32.Kryptik.blcwew
Avast: Win32:Mystic
Ad-Aware: Gen:Variant.Razy.29555
Emsisoft: Gen:Variant.Razy.29555 (B)
Comodo: TrojWare.Win32.Kryptik.ATAT@4tis21
VIPRE: Gen:Variant.Razy.29555
McAfee-GW-Edition: Generic BackDoor.afz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.1642571952681499
Sophos: ML/PE-A + Mal/EncPk-ANM
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.29555
Avira: TR/Dropper.Gen
MAX: malware (ai score=89)
Arcabit: Trojan.Razy.D7373
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Generic BackDoor.afz
VBA32: SScope.Malware-Cryptor.SB.01724
Malwarebytes: MachineLearning/Anomalous.100%
Rising: Trojan.Kryptik!1.ABDA (CLASSIC)
Ikarus: Virus.Win32.Cryptor
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.XUW!tr
BitDefenderTheta: Gen:NN.ZexaF.34582.Zu0@aWomt7jK
AVG: Win32:Mystic
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/Kryptik.ASXB?

Win32/Kryptik.ASXB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
