
About “Win32/Kryptik.CHPC” infection

Malware Removal

Win32/Kryptik.CHPC is flagged as malicious by a large number of antivirus vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.CHPC virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 0.0.0.0:28599, :0, 127.0.0.1:11266
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates Zeus (Banking Trojan) mutexes
  • Zeus P2P (Banking Trojan)
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client software
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
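The sandbox indicators above give a host-side triage hook: the sample bound listeners on 0.0.0.0:28599 and 127.0.0.1:11266, and injected into other processes, so a listening socket on one of those ports owned by an unexpected PID is worth a look. The following script is an added example, not code from the page or from GridinSoft: it parses `netstat -ano` output from a Windows host and reports which PIDs are listening on the ports named in the behaviour list. The netstat sample embedded in it is constructed for illustration. Ports observed in one sandbox run may not be reused on another host, so treat a hit as a lead for deeper inspection of that PID, not as proof on its own.

```python
"""Flag processes listening on the ports named in the Win32/Kryptik.CHPC sandbox
report. Added example (not the page's or GridinSoft's code); the netstat text in
SAMPLE_NETSTAT is constructed, and the function names are this example's own."""
import re

# From the behaviour list: "Starts servers listening on 0.0.0.0:28599, :0,
# 127.0.0.1:11266". The ":0" entry carries no usable port and is skipped.
# Caveat: ports seen in a single sandbox run are a weak indicator; the sample may
# pick different ones elsewhere, so a hit is a lead, not a verdict.
SUSPECT_PORTS = {28599, 11266}

# One row of `netstat -ano`: proto, local address, foreign address,
# state (absent for UDP), PID.
NETSTAT_ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+)\s+(?P<raddr>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def split_endpoint(endpoint: str):
    """'0.0.0.0:28599' -> ('0.0.0.0', 28599); '[::]:445' -> ('::', 445).
    Splitting on the last colon keeps IPv6 literals intact."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list:
    """Turn raw netstat output into dicts; header and blank lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if not m:
            continue
        host, port = split_endpoint(m["laddr"])
        rows.append({"proto": m["proto"], "host": host, "port": port,
                     "state": m["state"], "pid": int(m["pid"])})
    return rows


def suspicious_listeners(rows: list, ports=SUSPECT_PORTS) -> list:
    """(pid, port) pairs for sockets bound to a suspect port. TCP rows must be in
    LISTENING state; UDP rows have no state column, so any bound socket counts."""
    hits = set()
    for r in rows:
        listening = r["state"] == "LISTENING" if r["proto"] == "TCP" else True
        if listening and r["port"] in ports:
            hits.add((r["pid"], r["port"]))
    return sorted(hits)


def pids_to_inspect(rows: list, ports=SUSPECT_PORTS) -> dict:
    """Group hits by PID so each process is checked once: {pid: [ports]}."""
    grouped = {}
    for pid, port in suspicious_listeners(rows, ports):
        grouped.setdefault(pid, []).append(port)
    return grouped


# Constructed sample output (not a real capture): PID 4120 plays the sample's role.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:28599          0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:11266        0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     2288
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1776
"""

if __name__ == "__main__":
    # On a live host: python listeners.py < <(netstat -ano) or paste the output.
    for pid, ports in pids_to_inspect(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"PID {pid} listens on suspect port(s) {ports}: inspect its image path")
```

On a real host, feed the script the actual `netstat -ano` output and then look up each reported PID in Task Manager or with `tasklist`; the behaviour list notes that a system process may carry the traffic because of injection, so the owning image name alone does not clear a hit.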

Related domains:

pixiv.ru

How to identify Win32/Kryptik.CHPC?

File Info:

crc32: 21250C81
md5: 8b7e7d909467c47e809729e71f1717f2
name: 8B7E7D909467C47E809729E71F1717F2.mlw
sha1: 02f151a3dbbf1d526024062e174ad78c92523c62
sha256: 3969d1aa47523102d27a71aa091d9b8f6502f5d1321a91a816f06729f27b2051
sha512: f6121c13bda34a76bce2e2f8eff69382f1e935b4560096aaf33628d459933906d55536152962183a66912ad018045b8b59c4072b2bdc4ffc627d89c13b10d771
ssdeep: 6144:MnNAL1fA8afzqf+suAHTqtlhLunVlL+JhGoCfvYwmFc2QyCakvT8R:68QGxtHTU6nrYGlfvYwgcR+R
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]
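The hashes in the File Info section are the one exact way to tell whether a file on disk is this sample. The script below is an added example, not the page's or GridinSoft's tooling: it computes every digest the page lists (crc32, md5, sha1, sha256, sha512; ssdeep is a fuzzy hash and is left out) in a single pass over a file and compares them with the indicators copied from the File Info section. The function names and command-line usage are this example's own. It also separates a conclusive match (sha256 or sha512) from a weak one, because crc32 and md5 are collision-prone and a hit on those alone only marks a file as suspect.

```python
"""Compare a file with the Win32/Kryptik.CHPC hash indicators from the page.

Added example (not GridinSoft's or the page's own tooling). The digests in
KRYPTIK_CHPC_IOC are copied from the File Info section; the function names and
the command-line usage are assumptions of this example.
"""
import hashlib
import io
import sys
import zlib

# Indicators copied from the File Info section. ssdeep is omitted: comparing a
# fuzzy hash needs a third-party library and gives a similarity, not an identity.
KRYPTIK_CHPC_IOC = {
    "crc32": "21250C81",
    "md5": "8b7e7d909467c47e809729e71f1717f2",
    "sha1": "02f151a3dbbf1d526024062e174ad78c92523c62",
    "sha256": "3969d1aa47523102d27a71aa091d9b8f6502f5d1321a91a816f06729f27b2051",
    "sha512": "f6121c13bda34a76bce2e2f8eff69382f1e935b4560096aaf33628d459933906"
              "d55536152962183a66912ad018045b8b59c4072b2bdc4ffc627d89c13b10d771",
}

CHUNK_SIZE = 1 << 20  # 1 MiB blocks, so a large dropper need not fit in memory


def fingerprint(stream) -> dict:
    """Compute crc32, md5, sha1, sha256 and sha512 of a binary stream in one pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(),
               "sha256": hashlib.sha256(), "sha512": hashlib.sha512()}
    crc = 0
    while True:
        block = stream.read(CHUNK_SIZE)
        if not block:
            break
        crc = zlib.crc32(block, crc)  # running CRC across blocks
        for h in hashers.values():
            h.update(block)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return digests


def fingerprint_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data."""
    return fingerprint(io.BytesIO(data))


def matched_digests(digests: dict, ioc: dict) -> list:
    """Names of the digests that agree with the IOC set. Hex is compared
    case-insensitively because vendors print it either way (the page's crc32
    is upper-case, its other hashes lower-case)."""
    return sorted(name for name, value in ioc.items()
                  if name in digests and digests[name].lower() == value.lower())


def verdict(matched: list) -> str:
    """sha256/sha512 identify the exact sample; crc32 and md5 are collision-prone,
    so a hit on those alone only marks the file as suspect."""
    if {"sha256", "sha512"} & set(matched):
        return "confirmed"
    if matched:
        return "weak"
    return "no match"


def is_pe(head: bytes) -> bool:
    """The File Info type is PE32; every PE image starts with the 'MZ' DOS header."""
    return head[:2] == b"MZ"


def check_file(path: str, ioc: dict = KRYPTIK_CHPC_IOC) -> dict:
    """Hash one file on disk and compare it with the IOC set."""
    with open(path, "rb") as f:
        head = f.read(2)
        f.seek(0)
        digests = fingerprint(f)
    matched = matched_digests(digests, ioc)
    return {"path": path, "pe": is_pe(head), "matched": matched,
            "verdict": verdict(matched), "sha256": digests["sha256"]}


if __name__ == "__main__":
    # Usage: python kryptik_check.py <file> [<file> ...]
    for p in sys.argv[1:]:
        r = check_file(p)
        print(f"{r['path']}: {r['verdict']} {r['matched']} pe={r['pe']} sha256={r['sha256']}")
```

A file that reports "no match" is not cleared: the detection names below show that vendors classify this sample under several generic and variant families (Zbot, Cerber, Hancitor), so a repacked build of the same malware will have entirely different hashes. Hash checks confirm a known sample; they do not rule out a new one.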

Win32/Kryptik.CHPC is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0049dc2b1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.2977
Cynet: Malicious (score: 99)
ALYac: Trojan.Ransom.Cerber.1
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.161559
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 0049dc2b1 )
Cybereason: malicious.09467c
Symantec: Packed.Generic.530
ESET-NOD32: a variant of Win32/Kryptik.CHPC
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Ransom.Cerber.1
NANO-Antivirus: Trojan.Win32.Zbot.dckhyt
MicroWorld-eScan: Trojan.Ransom.Cerber.1
Tencent: Malware.Win32.Gencirc.114b138c
Ad-Aware: Trojan.Ransom.Cerber.1
Sophos: Mal/Generic-S + Troj/Hancitor-M
Comodo: Malware@#2zshsf4tzi7ph
BitDefenderTheta: AI:Packer.4ED3C8D021
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_FORUCON.BME
McAfee-GW-Edition: PWSZbot-FABA!8B7E7D909467
FireEye: Generic.mg.8b7e7d909467c47e
Emsisoft: Trojan.Ransom.Cerber.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.bijut
Webroot: Trojan.Dropper.Gen
Avira: HEUR/AGEN.1124970
Antiy-AVL: Trojan/Generic.ASMalwS.B06BE2
Kingsoft: Win32.Troj.Zbot.to.(kcloud)
Microsoft: PWS:Win32/Zbot
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Ransom.Cerber.1
AhnLab-V3: Dropper/Win32.Necurs.C436007
McAfee: PWSZbot-FABA!8B7E7D909467
MAX: malware (ai score=80)
VBA32: BScope.TrojanPSW.Panda
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_FORUCON.BME
Rising: Trojan.Generic@ML.96 (RDML:hjc4P/FK/0pT4+UHgOLKTg)
Yandex: TrojanSpy.Zbot!6A15mdl7mhc
Ikarus: Trojan-Spy.Win32.Zbot
Fortinet: W32/Generic.AC.397625!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cerber.HxQBEpsA

How to remove Win32/Kryptik.CHPC?

Win32/Kryptik.CHPC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
