Win32/Kryptik.BXRP removal guide

Win32/Kryptik.BXRP is an ESET detection name; Kryptik is ESET's generic label for executables that are packed or obfuscated to evade scanners, and the vendor names listed further down show that most engines classify this particular sample as the Upatre downloader (Kaspersky, Microsoft, Sophos, TrendMicro and others). When the infection is active it drops and executes a further binary, so you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the 6-day free trial.

What can the Win32/Kryptik.BXRP virus do?

Behaviour flagged by the CAPE sandbox for the sample described below:
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Kryptik.BXRP?
File Info:

name: 264EB2F5AF85916661A3.mlw
path: /opt/CAPEv2/storage/binaries/c317c5d93f907689b4c4c43d87cefc5f74aae8c15278769011f2602a30737ce1
crc32: 13343E72
md5: 264eb2f5af85916661a37a8cdbfa8990
sha1: 0c18b1486efc8ca0c35f52d167305e84d2eb48a7
sha256: c317c5d93f907689b4c4c43d87cefc5f74aae8c15278769011f2602a30737ce1
sha512: 032ac3184da7c62039068fbc6f5b1b3a0d82d81ca48fec0c2634d07441cd645db91cf177feaa7a18bf2ae2b69f7f3096bb22e52f6a494604bd7da769e44ffa91
ssdeep: 192:zk6Jk5pIBSRE5zexo/tV/eXiYQShfQX8tHgrVtnXzfm/+JjnBpIBSRbtRX+8v+Wd:IkSG/3RX8tHEnD+ADv+W5kChwWeg1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19DC309E7E3A719F2E0AA46F50CF7693F0050A31CEC569E4845FAF2368E23E550C5E612
sha3_384: dba0c59da308a4530dd66a165b755d00c4852e21364675b5f701792509a980a4108a96d075d713301b75fc12fc14578e
ep_bytes: 5383c4bc54ff15102040008b742404ff
timestamp: 2011-11-26 16:47:00

Version Info:

0: [No Data]
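Most of the static indicators above (UPX section names, an unknown section name, overlay data, presence of an Authenticode signature, the compile timestamp and the entry-point bytes) can be checked offline without a sandbox. The following is an added example, not code from the original report or from CAPE: a standard-library Python triage that parses the PE headers by hand and reports those fields, plus the hashes used to match the sample against the File Info block. The PE image it runs on is constructed inside the script (the entry-point bytes from the report are reused as its content); the section-name sets and the 16-byte entry-point window are the author's own choices.

```python
"""Offline PE triage for the indicators listed in this report (UPX sections,
unknown section names, overlay data, Authenticode presence, timestamp, entry-point
bytes and hashes). Standard library only; the sample it checks is constructed here."""
import hashlib
import struct
from datetime import datetime, timezone

PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                   b".reloc", b".bss", b".tls", b".pdata", b".CRT"}
# Entry-point bytes from the report above, reused as content for the constructed sample.
EP_BYTES = bytes.fromhex("5383c4bc54ff15102040008b742404ff")


def triage_pe(data: bytes) -> dict:
    """Parse the PE headers by hand and return the triage fields the report lists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+ data directories
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    # Directory 4 is the certificate table; its "RVA" field is really a file offset.
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8) if ndirs > 4 else (0, 0)

    names, end_of_sections, ep_bytes = [], 0, b""
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        names.append(data[hdr:hdr + 8].rstrip(b"\0"))
        _, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
        if vaddr <= entry_rva < vaddr + raw_size:           # entry point lives in this section
            ep_off = raw_ptr + (entry_rva - vaddr)
            ep_bytes = data[ep_off:ep_off + 16]

    overlay = len(data) - end_of_sections
    if cert_size and cert_off >= end_of_sections:           # a signature sits in the overlay by design
        overlay -= cert_size
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": [n.decode("latin-1") for n in names],
        "upx": any(n in PACKER_SECTIONS for n in names),
        "unknown_sections": [n.decode("latin-1") for n in names
                             if n not in COMMON_SECTIONS and n not in PACKER_SECTIONS],
        "overlay_bytes": max(overlay, 0),
        "authenticode_present": cert_size > 0,
    }


def build_sample(section_names, overlay=b"", signed=False) -> bytes:
    """Construct a minimal, non-runnable PE32 image for offline testing (constructed sample)."""
    e_lfanew, file_align, sect_align = 0x40, 0x200, 0x1000
    nsec = len(section_names)
    opt = bytearray(96 + 16 * 8)                            # PE32 optional header + 16 directories
    hdr_size = -(-(e_lfanew + 24 + len(opt) + 40 * nsec) // file_align) * file_align
    end_of_sections = hdr_size + file_align * nsec
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<I", opt, 16, sect_align)             # entry point = start of first section
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if signed:                                              # certificate table -> the overlay blob
        struct.pack_into("<II", opt, 96 + 4 * 8, end_of_sections, len(overlay))
    ts = int(datetime(2011, 11, 26, 16, 47, tzinfo=timezone.utc).timestamp())
    img = bytearray(b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew))
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, ts, 0, 0, len(opt), 0x0102) + opt
    for i, name in enumerate(section_names):
        img += struct.pack("<8sIIIIIIHHI", name, file_align, sect_align * (i + 1),
                           file_align, hdr_size + file_align * i, 0, 0, 0, 0, 0x60000020)
    img += b"\0" * (hdr_size - len(img))
    for i in range(nsec):
        body = EP_BYTES if i == 0 else b""
        img += body + b"\0" * (file_align - len(body))
    return bytes(img + overlay)


if __name__ == "__main__":
    packed = build_sample([b"UPX0", b"UPX1"], overlay=b"X" * 300)
    for key, value in triage_pe(packed).items():
        print(f"{key}: {value}")
```

On a real file, replace the constructed image with `open(path, "rb").read()` and compare the md5/sha256 fields with the File Info block. The script only reports whether a certificate table is present; deciding that the signature is invalid, as the sandbox did, needs a real verifier such as Windows `signtool verify` or `osslsigncode verify`.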

Win32/Kryptik.BXRP also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Agent-AUID [Trj]
Elastic: malicious (moderate confidence)
DrWeb: Trojan.DownLoad3.28161
MicroWorld-eScan: Gen:Variant.Barys.431079
FireEye: Generic.mg.264eb2f5af859166
Skyhigh: BehavesLike.Win32.PolyPatch.cz
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Barys.431079
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
K7GW: Trojan ( 004bcce41 )
BitDefenderTheta: Gen:NN.ZexaF.36804.hmX@aC2XO0oi
Symantec: SMG.Heur!gen
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.BXRP
Cynet: Malicious (score: 100)
APEX: Malicious
Avast: Win32:Agent-AUID [Trj]
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.pef
BitDefender: Gen:Variant.Barys.431079
NANO-Antivirus: Trojan.Win32.DownLoad3.cvpgeh
Rising: Downloader.Upatre!8.B5 (TFE:2:sCCVXQUhq2B)
Emsisoft: Gen:Variant.Barys.431079 (B)
F-Secure: Trojan.TR/Crypt.ULPM.Gen
Baidu: Win32.Trojan-Downloader.Waski.a
Zillya: Downloader.Upatre.Win32.80421
TrendMicro: TROJ_UPATRE.SM37
Trapmine: malicious.high.ml.score
Sophos: Mal/Upatre-A
Ikarus: Trojan-Downloader.Win32.Upatre
Jiangmin: Trojan/Generic.bahce
Webroot: W32.Trojan.Gen
Varist: W32/Upatre.RQ.gen!Eldorado
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Win32.Dorv
Kingsoft: malware.kb.b.999
Microsoft: TrojanDownloader:Win32/Upatre.AA
Xcitium: TrojWare.Win32.Bublik.CEZE@595kvx
Arcabit: Trojan.Barys.D693E7
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Upatre.pef
GData: Gen:Variant.Barys.431079
Google: Detected
AhnLab-V3: Trojan/Win.Upatre.C5601807
Acronis: suspicious
VBA32: TrojanDownloader.Upatre
ALYac: Gen:Variant.Barys.431079
Cylance: unsafe
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Tencent: Trojan.Win32.Kryptik.kcd
Yandex: Trojan.GenAsa!oXb1ye2az2E
MAX: malware (ai score=87)
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Upatre.BH!tr
Zoner: Trojan.Win32.21706
DeepInstinct: MALICIOUS

How to remove Win32/Kryptik.BXRP?

Win32/Kryptik.BXRP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Two caveats follow from the behaviour list above. The sample drops and executes a second binary, so quarantining the downloader alone is not enough: check the scan results for the dropped file and rescan after the restart. It also attempts to modify proxy settings; after the browser reset, confirm that no unexpected proxy remains under Internet Options > Connections > LAN settings (the ProxyEnable and ProxyServer values in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings).

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
