Categories: Malware

Win32/Kryptik.BAAR information

The Win32/Kryptik.BAAR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.BAAR virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Collects information to fingerprint the system
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Kryptik.BAAR?


File Info:
name: 7EBAE7F9E7D077285433.mlwpath: /opt/CAPEv2/storage/binaries/3bf8978f2b731107a596bf90ef684aba8058235640a6f6a2490cc76f7961dae4crc32: 75D5D95Amd5: 7ebae7f9e7d077285433407b4ef3b140sha1: acbcee1ab01d16015472e853bc1aa4a7ea4a9769sha256: 3bf8978f2b731107a596bf90ef684aba8058235640a6f6a2490cc76f7961dae4sha512: 1976693065d305d92e4b584a32fcaac098f1c3cdd11a929f9ae40d231fc50dd77d0aea088dcc18e26259b284278dfea6a5270159ab700ab0bdf3f321fca293f6ssdeep: 6144:5lzoa7yNgAIQo8OLamr3RLyRnHhq92gkqnC2v7LA+Fq3PTzhV4:5tB7yNgD83m38E92TqC25sPPItype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16874CF8E804DA095C03A4DB045C4EEFC85FDA2B7EBAC27DD3BA9DD06F789B42116594Csha3_384: fd6508078ff3ee6480a01704041573a6df0447a810f23dd10c5e6e97b14600db1e66511d37b27c0ae10b3dadd2511435ep_bytes: 558bec83ec508d45b050ff1534d04200timestamp: 2013-05-02 17:02:26
Version Info:
CompanyName: Корпорация  МайкрософтFileDescription: Редактор личных символовTranslation: 0x0419 0x04b0

Win32/Kryptik.BAAR also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.Lethic.Gen.11
FireEye	Generic.mg.7ebae7f9e7d07728
CAT-QuickHeal	Trojan.Mauvaise.SL1
Skyhigh	BehavesLike.Win32.Dropper.fc
McAfee	Dropper-FFI!7EBAE7F9E7D0
Malwarebytes	Gepys.Trojan.Dropper.DDS
VIPRE	Trojan.Lethic.Gen.11
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.9e7d07
BitDefenderTheta	Gen:NN.ZexaF.36802.wu3@a0ZWc5pc
VirIT	Trojan.Win32.Mods.AE
Symantec	Packed.Generic.459
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.BAAR
APEX	Malicious
Avast	Win32:Dropper-MRI [Drp]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Lethic.Gen.11
Sophos	Troj/Gepys-C
Baidu	Win32.Trojan.Agent.eq
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Mods.1
Zillya	Trojan.Kryptik.Win32.4659382
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.Lethic.Gen.11 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.bpved
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Dropper]/Win32.Gepys
Kingsoft	malware.kb.a.1000
Microsoft	TrojanDropper:Win32/Gepys!pz
Xcitium	TrojWare.Win32.Agent.rho@4x457v
Arcabit	Trojan.Lethic.Gen.11
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win32.Trojan.PSE1.V68JXL
Varist	W32/Agent.AZV.gen!Eldorado
AhnLab-V3	Trojan/Win32.Zbot.R64039
Acronis	suspicious
VBA32	Trojan.ShipUp
ALYac	Trojan.Lethic.Gen.11
Cylance	unsafe
Panda	Generic Suspicious
TrendMicro-HouseCall	TROJ_AGENT_055399.TOMB
Rising	Dropper.Gepys!1.AEB3 (CLASSIC)
Yandex	Trojan.GenAsa!lLUyx8f5sz0
Ikarus	Trojan-Dropper.Win32.Gepys
Fortinet	W32/Zbot.FG!tr
AVG	Win32:Dropper-MRI [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan[dropper]:Multi/Gepys