Win32/Kryptik.BWAI removal guide

Win32/Kryptik.BWAI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.BWAI virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify Win32/Kryptik.BWAI?

File Info:

name: 115A63DFC64711F362AA.mlw
path: /opt/CAPEv2/storage/binaries/627a362c4628b8222b6feff32e007eeb12940d2acea456335f31f19babc04439
crc32: CE2527F8
md5: 115a63dfc64711f362aadb7782b4db6b
sha1: 096d88caf896b427a7d8abeef1ff1c90ae96aabb
sha256: 627a362c4628b8222b6feff32e007eeb12940d2acea456335f31f19babc04439
sha512: b35e77e45506ba456d07be475064d56a5ebfe3ecbb4a55d0a4a15e60a3ee32774141c688f8cab8296377946d2ad8e3eae7506514df47525c42e2359e73f459bb
ssdeep: 1536:uW4WiqXhphnBlLQYEY2ngwhfhe2cJUu4YB14KIymj/WAv83EcyEgOs4gPN:uW4WfP7lLQYENlfvKywTOvcwPN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1F31B07F9B3B270CAC4C4B1F149A1B609175D0926011863776C7E463FAE96AFBAEF50
sha3_384: 4b5fbb0548f57092f44ee0ba8a74018fec8a6bdd041aa10d4741d551514b4a98beed8f921a869432428bfb6b5c8f8f27
ep_bytes: 5589e583ec18c7042402000000ff1554
timestamp: 2013-06-11 08:57:38

Version Info:

0: [No Data]

Win32/Kryptik.BWAI also known as:

tehtris: Generic.Malware
MicroWorld-eScan: Gen:Application.LoadMoney.1
CAT-QuickHeal: PUA.LLCMail.DC7
ALYac: Gen:Application.LoadMoney.1
Cylance: Unsafe
VIPRE: Gen:Application.LoadMoney.1
Sangfor: PUP.Win32.LoadMoney.1
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Trojan ( 0049ebb61 )
K7AntiVirus: Trojan ( 0040f53f1 )
Baidu: Win32.Trojan.Kryptik.dl
VirIT: Trojan.Win32.Cryptor.ND
Cyren: W32/LoadMoney.B.gen!Eldorado
Symantec: SecurityRisk.gen1
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.BWAI
APEX: Malicious
ClamAV: Win.Malware.Loadmoney-6795240-0
Kaspersky: not-a-virus:AdWare.Win32.LMN.apm
BitDefender: Gen:Application.LoadMoney.1
NANO-Antivirus: Trojan.Win32.LMN.dnqtsx
SUPERAntiSpyware: Trojan.Agent/Gen-Cryptor
Avast: Win32:LoadMoney-ATG [Adw]
Ad-Aware: Gen:Application.LoadMoney.1
Sophos: Troj/LdMon-A
Comodo: TrojWare.Win32.Kryptik.BWTO@598f3v
F-Secure: PotentialRisk.PUA/LoadMoney.qoib
DrWeb: Trojan.LoadMoney.1
Zillya: Downloader.LMNGen.Win32.8
McAfee-GW-Edition: PWS-Zbot-FBDD!115A63DFC647
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.115a63dfc64711f3
Emsisoft: Gen:Application.LoadMoney.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Application.LoadMoney.1
Jiangmin: Trojan/Generic.atwqf
Webroot: W32.Rogue.Gen
Avira: PUA/LoadMoney.qoib
Antiy-AVL: RiskWare[Downloader]/Win32.LMN.gen
Arcabit: Application.LoadMoney.1
ZoneAlarm: not-a-virus:AdWare.Win32.LMN.apm
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.C170541
McAfee: PWS-Zbot-FBDD!115A63DFC647
MAX: malware (ai score=75)
VBA32: BScope.Downloader.LMN
Malwarebytes: PUP.Optional.LoadMoney
Rising: Trojan.Agent!1.6956 (CLASSIC)
Yandex: Trojan.GenAsa!HyGEJZrzJjc
Ikarus: Trojan.Win32.Dorv
MaxSecure: not-a-virus:Downloader.LMN.a
Fortinet: W32/Generic.AC.6F6F!tr
AVG: Win32:LoadMoney-ATG [Adw]
Cybereason: malicious.fc6471

How to remove Win32/Kryptik.BWAI?

Win32/Kryptik.BWAI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.