Win32/Kryptik.BNEA malicious file

Win32/Kryptik.BNEA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What Win32/Kryptik.BNEA virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Mimics icon used for popular non-executable file format
  • Anomalous binary characteristics

How to determine Win32/Kryptik.BNEA?

File Info:

name: 22FA088C17F0CD74BC93.mlw
path: /opt/CAPEv2/storage/binaries/2421a5d630a7fdf561fd966088d6b92222a0d16c91d300179d54c7af933de54f
crc32: 72374F16
md5: 22fa088c17f0cd74bc931db37c085d78
sha1: 7476e8f8810caba17c123443f8c99330e09c2544
sha256: 2421a5d630a7fdf561fd966088d6b92222a0d16c91d300179d54c7af933de54f
sha512: 84e338cedeed746a85a2d8c0f3a0f9cf18414d9bddd2f853ea9d293f70f5ec76894fc6bf203b6f533a218dd5a5346a1aba0e08b1aef300716680056dfe1c2a07
ssdeep: 384:OEsITcsPGRTAQkSx4IWR/lFYs3xMR5WYKZseH5I:OEsIZPGgSx4IWZHXBQFKVI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A10382B0F182AC71D446043936BEB88C881F1E017B5959EF7D89B22D42B53C171B9FAE
sha3_384: 4af2091b32ccdbe00a8a79188d17cb1bc87fa5e3c026814161071df749f99e39cc36acdd5c77db14741db01113dae89e
ep_bytes: 6a00ff1504309a00a300409a00e8cefe
timestamp: 2013-09-05 15:20:12

Version Info:

0: [No Data]

Win32/Kryptik.BNEA also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Trojan.Ipatre.1
FireEye: Generic.mg.22fa088c17f0cd74
CAT-QuickHeal: TrojanDownloader.Upatre.A5
ALYac: Gen:Trojan.Ipatre.1
Cylance: Unsafe
VIPRE: Gen:Trojan.Ipatre.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0048cecc1 )
BitDefender: Gen:Trojan.Ipatre.1
K7GW: Trojan ( 0048cecc1 )
CrowdStrike: win/malicious_confidence_90% (D)
BitDefenderTheta: Gen:NN.ZexaF.34786.cuX@a40cYpfi
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.BNEA
Baidu: Win32.Trojan-Spy.Zbot.a
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Kaspersky: VHO:Trojan-Spy.Win32.SpyEyes.gen
APEX: Malicious
Rising: Trojan.DL.Win32.Upatre.agk (CLASSIC)
Ad-Aware: Gen:Trojan.Ipatre.1
Sophos: ML/PE-A
Comodo: TrojWare.Win32.Xpack.AL@52f59j
DrWeb: Trojan.DownLoad4.14925
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Downloader-FRZ!22FA088C17F0
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Trojan.Ipatre.1 (B)
Ikarus: Trojan.Crypt2
Jiangmin: TrojanDownloader.Agent.ejzn
Avira: HEUR/AGEN.1234175
Antiy-AVL: Trojan/Generic.ASBOL.C6E4
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan-Downloader.Upatre.BJ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Bublik.C192078
McAfee: Downloader-FRZ
MAX: malware (ai score=89)
VBA32: BScope.Malware-Cryptor.Ponik
Malwarebytes: Malware.AI.1067209053
Panda: Generic Malware
Yandex: Trojan.GenAsa!jYTZBwHjums
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Small.AABB!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.c17f0c
Avast: Win32:Trojan-gen

How to remove Win32/Kryptik.BNEA?

Win32/Kryptik.BNEA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.