How to remove “Win32/Kryptik.AXFD”?

Win32/Kryptik.AXFD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.AXFD virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to send to a C2 server
  • Collects information to fingerprint the system

How to identify Win32/Kryptik.AXFD?

File Info:

name: CBE070EF2CC6BA5ED5C4.mlw
path: /opt/CAPEv2/storage/binaries/06dbfa3f1f278765a7816587ce57c99f2ec7228b8079ea740a801bb7221f624c
crc32: 4B04B309
md5: cbe070ef2cc6ba5ed5c42b062d22301c
sha1: 8433333e8abb42d7d9327d71a98bcececc8784d3
sha256: 06dbfa3f1f278765a7816587ce57c99f2ec7228b8079ea740a801bb7221f624c
sha512: 5c4d0056cf56c5c0046d6c3382ad772a861dc6ce9d3e53b66253e1eb95872478f47be55bcdceffbc696abe64b7088df5925100a7cb0a4bc7ba6d3c9dfd37a313
ssdeep: 3072:LPJa9UjrL5vSfmKpsx7HGTWeswMqOAESE6asU9Jr/Dln0UzPof0SeCcPMlE:jAUTxSfm8sxrVwM8I6I9hrl/zAcSebP3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15554BEB480C0923AD89842F55C92AD3A8E2DFC664AA45DDB114D7CD63FB36C087EE51F
sha3_384: 679c39f69d7393d1802fb6630d52bb59ef14ffa98702f0289e49c542dad73af8c29d2e2a863f7a46571bf1a3c5abbdbd
ep_bytes: 558bec51558f05f06d4300ff35f06d43
timestamp: 2013-03-21 10:37:01

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft DirectPlay Voice Test
FileVersion: 5.03.2600.5512 (xpsp.080413-0845)
InternalName: dpvsetup.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: dpvsetup.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.03.2600.5512
Translation: 0x0409 0x04b0

Win32/Kryptik.AXFD also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.853043
CAT-QuickHeal: TrojanDropper.Gepys.A
ALYac: Gen:Variant.Razy.853043
Cylance: Unsafe
Zillya: Trojan.ShipUp.Win32.1191
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00557ff21 )
BitDefender: Gen:Variant.Razy.853043
K7GW: Trojan ( 00557ff21 )
CrowdStrike: win/malicious_confidence_100% (D)
Arcabit: Trojan.Razy.DD0433
Baidu: Win32.Trojan.Agent.eq
VirIT: Trojan.Win32.Generic.OJN
Cyren: W32/Zbot.JC.gen!Eldorado
Symantec: Packed.Generic.406
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.AXFD
APEX: Malicious
ClamAV: Win.Packed.Shipup-6840400-0
Kaspersky: Trojan.Win32.ShipUp.bok
NANO-Antivirus: Trojan.Win32.ShipUp.bobrtq
Rising: Trojan.Kryptik!1.AB8B (CLASSIC)
Ad-Aware: Gen:Variant.Razy.853043
Sophos: ML/PE-A + Troj/Gyepis-B
Comodo: TrojWare.Win32.Kryptik.AYQE@4wlbfl
DrWeb: Trojan.Redirect.140
VIPRE: Gen:Variant.Razy.853043
TrendMicro: TROJ_KRYPTK.SML3
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.cbe070ef2cc6ba5e
Emsisoft: Gen:Variant.Razy.853043 (B)
Ikarus: Trojan.Win32.ShipUp
Jiangmin: Trojan/ShipUp.aag
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.217
Microsoft: Trojan:Win32/ShipUp.DSK!MTB
GData: Gen:Variant.Razy.853043
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Shipup.R58811
Acronis: suspicious
McAfee: PWS-Zbot-FATW!CBE070EF2CC6
MAX: malware (ai score=89)
VBA32: BScope.Malware-Cryptor.Hlux
Malwarebytes: Trojan.FakeMS.ED
Panda: Trj/Hexas.HEU
TrendMicro-HouseCall: TROJ_KRYPTK.SML3
Tencent: Malware.Win32.Gencirc.10b59384
Yandex: Trojan.GenAsa!z1P8Zet3YrQ
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.AYTK!tr
BitDefenderTheta: Gen:NN.ZexaF.34582.rq3@aOBBkOmi
AVG: Win32:Gepys-J [Trj]
Cybereason: malicious.f2cc6b
Avast: Win32:Gepys-J [Trj]

How to remove Win32/Kryptik.AXFD?

Win32/Kryptik.AXFD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.