Malware

About “Win32/Kryptik.BQGE” infection

Malware Removal

The Win32/Kryptik.BQGE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/Kryptik.BQGE virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself

How to determine Win32/Kryptik.BQGE?


File Info:

name: 9DE36C42C283B078D7D8.mlw
path: /opt/CAPEv2/storage/binaries/cff5be1d64de544b5717d4bf7b6dc97d0164dc2f32c40aba1e01185e40b6d68f
crc32: 45E769E9
md5: 9de36c42c283b078d7d8690188e9c38d
sha1: 0972550d2792e1d9a09115058e9e59289014137e
sha256: cff5be1d64de544b5717d4bf7b6dc97d0164dc2f32c40aba1e01185e40b6d68f
sha512: 89e005ff699a37ecf8280ddccd680632b81079aeabdf962648d7c9054a3bfb83949e09f620271069e32e9a890afc528db5153d10855485e4e5415d010140a898
ssdeep: 1536:Hr156a9MSEktad8ufZUCm2pzkxQGXAjWBIj5ACeAGZaqooxhQAusPW:Hr2a6otA8ufZ42W1AC9CIxo2hQAS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FA93E1807252D566F6A6DF312803CCA3754127F9CFD57FA1A0A851507F704EA28EAA27
sha3_384: df2d43e92f5eb127ead212051c82fb98110dc71eb21a618d34660d6b447b7f6763917163723b38ed383bf42e2dfe005b
ep_bytes: 558bec6aff683c13410068822b400064
timestamp: 2008-11-17 06:47:38

Version Info:

Comments:
CompanyName: Trend Micro Inc.
FileDescription: Trend Micro AntiVirus Plus AntiSpyware
FileVersion: 17.50.0.1366
InternalName: 7zsfx.exe
LegalCopyright: Copyright (C) 1995-2012 Trend Micro Incorporated. All rights reserved.
LegalTrademarks: Copyright (C) Trend Micro Inc.
OriginalFilename: 7zsfx.exe
PrivateBuild: Build 1366 - 7/29/2009
ProductName: Trend Micro Internet Security
ProductVersion: 17.50
SpecialBuild: 1366
Translation: 0x0409 0x04e4

Win32/Kryptik.BQGE also known as:

BkavW32.AIDetect.malware1
LionicTrojan.Win32.Generic.4!c
MicroWorld-eScanGen:Variant.Zbot.34
FireEyeGeneric.mg.9de36c42c283b078
CAT-QuickHealTrojan.Rimecud.U
ALYacGen:Variant.Zbot.34
MalwarebytesMalware.Heuristic.1001
ZillyaTrojan.Kryptik.Win32.365838
Sangfor[ARMADILLO V1.71]
K7AntiVirusTrojan ( 700000161 )
BitDefenderGen:Variant.Zbot.34
K7GWTrojan ( 700000161 )
CrowdStrikewin/malicious_confidence_90% (W)
BitDefenderThetaGen:NN.ZexaF.34582.fq0@aK5SAAfi
CyrenW32/Rimecud.Y.gen!Eldorado
SymantecW32.Pilleuz!gen36
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.BQGE
TrendMicro-HouseCallTROJ_RIMECUD.SMX
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Generic
NANO-AntivirusTrojan.Win32.Autoruner1.bgajvn
RisingTrojan.Generic@AI.87 (RDML:d/RltKo5eE6PhTyy2bb4hQ)
Ad-AwareGen:Variant.Zbot.34
SophosML/PE-A + Troj/Rimecud-DD
ComodoTrojWare.Win32.Kryptik.AOFK@4s5sq6
DrWebWin32.HLLW.Autoruner1.14825
VIPREGen:Variant.Zbot.34
TrendMicroTROJ_RIMECUD.SMX
McAfee-GW-EditionW32/Rimecud.gen.dp
SentinelOneStatic AI – Malicious PE
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Zbot.34 (B)
APEXMalicious
JiangminPack.Mal.AntiVM
AviraTR/Patched.Ren.Gen
MAXmalware (ai score=80)
Antiy-AVLTrojan/Generic.ASMalwS.24D
MicrosoftTrojan:Win32/Rimecud.A
SUPERAntiSpywareTrojan.Agent/Gen-Rimecud
GDataGen:Variant.Zbot.34
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Inject.R43586
McAfeeW32/Rimecud.gen.dp
VBA32Malware-Cryptor.Grygoryi.3
CylanceUnsafe
PandaTrj/Genetic.gen
TencentWin32.Trojan.Rimecud.chup
YandexTrojan.Kryptik!tTZyMpxril4
IkarusTrojan.Win32.Rimecud
FortinetW32/Kryptik.EQMA!tr
AVGWin32:Malware-gen
Cybereasonmalicious.2c283b
AvastWin32:Malware-gen

How to remove Win32/Kryptik.BQGE?

Win32/Kryptik.BQGE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment