Malware

About “Win32/Kryptik.BEOG” infection

Malware Removal

The Win32/Kryptik.BEOG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Win32/Kryptik.BEOG virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (23 unique times)
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Kelihos malware
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client softwares
  • Installs WinPCAP

How to determine Win32/Kryptik.BEOG?


File Info:

name: 9D4958C6D4B13758EC7D.mlw
path: /opt/CAPEv2/storage/binaries/04d32a4fa9ddede4124fd5e1e53bf94f14ec32b76a9c1c862556b086265a8c95
crc32: BB15F8FE
md5: 9d4958c6d4b13758ec7d20a621cf614c
sha1: 096a5a0f2848a0f090179d84b25cf0aebc516874
sha256: 04d32a4fa9ddede4124fd5e1e53bf94f14ec32b76a9c1c862556b086265a8c95
sha512: bf044feae80fbd43807d834fbd11b87c04e4e9730efdf93f5f9622b05ed8a10e608cd59fe3bcde73066308e85ba74ae3b6e2a7951e9f3f3f3437ad9e209098c9
ssdeep: 24576:i/dhzMbCLKTFRKGVlr5xw/j5jIR+gP81nI:iHgbmOIGrr5G5jIR+8SI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BC0523AEAFA1BEA0EDAC203C1C93EF75554BAEADC5D8211C33D0F524DE44C34692519E
sha3_384: 2539aaa657a27c30992e46e501fae04472b12bba4fafef9e4315607c18c635d343f1e1c847d872039fbfa0203cf8bb05
ep_bytes: 33f68b35602040006800204b00ff1528
timestamp: 2004-03-24 17:22:11

Version Info:

0: [No Data]

Win32/Kryptik.BEOG also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.4!c
tehtrisGeneric.Malware
MicroWorld-eScanTrojan.VIZ.Gen.1
FireEyeGeneric.mg.9d4958c6d4b13758
CAT-QuickHealTrojanPWS.Zbot.Gen
ALYacTrojan.VIZ.Gen.1
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0040f4e21 )
K7GWTrojan ( 0040f4e21 )
Cybereasonmalicious.6d4b13
CyrenW32/FakeAlert.ZO.gen!Eldorado
SymantecPacked.Generic.432
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.BEOG
APEXMalicious
ClamAVWin.Trojan.Tepfer-61
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.VIZ.Gen.1
NANO-AntivirusTrojan.Win32.Kryptik.bvylhv
SUPERAntiSpywareTrojan.Agent/Gen-Kryptik
AvastWin32:MalOb-IJ [Cryp]
Ad-AwareTrojan.VIZ.Gen.1
EmsisoftTrojan.VIZ.Gen.1 (B)
ComodoTrojWare.Win32.Kryptik.BOGE@4z0of6
DrWebTrojan.Packed.196
VIPRETrojan.VIZ.Gen.1
TrendMicroTROJ_HPKELIHOS.SM
McAfee-GW-EditionBehavesLike.Win32.Packed.bc
Trapminemalicious.high.ml.score
SophosML/PE-A + Troj/Agent-ACJB
IkarusTrojan.Win32.FakeAlert
GDataTrojan.VIZ.Gen.1
WebrootW32.Rogue.Gen
AviraBDS/Kelihos.8053769
Antiy-AVLTrojan/Win32.AGeneric
KingsoftWin32.Troj.Generic_a.a.(kcloud)
ArcabitTrojan.VIZ.Gen.1
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftBackdoor:Win32/Kelihos.F
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Ransom.R71980
McAfeePWS-Zbot
MAXmalware (ai score=86)
VBA32Malware-Cryptor.Hlux
MalwarebytesTrojan.MalPack.Generic
TrendMicro-HouseCallTROJ_HPKELIHOS.SM
RisingTrojan.Agent!1.6A31 (CLASSIC)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.BDPK!tr
BitDefenderThetaGen:NN.ZexaF.34582.XyW@a0Ij!kbi
AVGWin32:MalOb-IJ [Cryp]
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_90% (W)

How to remove Win32/Kryptik.BEOG?

Win32/Kryptik.BEOG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment