Win32/Kryptik.CKFL information

Win32/Kryptik.CKFL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.CKFL virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Kryptik.CKFL?

File Info:

name: 1AEA39E3A9AEDCA7A2FE.mlw
path: /opt/CAPEv2/storage/binaries/3ac64b1cdbcd058c573e7f491e6c3377a6c1f0cf8c47866bf8882cde9561f9e9
crc32: 4F02629A
md5: 1aea39e3a9aedca7a2fea54441aa549c
sha1: 96139cd42eb41c8b30aa48d5499a210b81c46054
sha256: 3ac64b1cdbcd058c573e7f491e6c3377a6c1f0cf8c47866bf8882cde9561f9e9
sha512: 6f610a6d1203df9e196e43cce818cd1bfa9a4daac94b6953f00dea2c9a39d7ac060ecf23dd9ccf0f2ebc95c28efde88e35fc7b86df40cd0cf1588f1208427f05
ssdeep: 192:nTU9gtcVUz0wgJMGNT5NzNknCNbbWDpc1Wdto9KZjzqI/VENZgCBpa:AVk0wrG7NRkWbKU8to9KJzqI2NZTi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T169C2D56F16A135FED12E4F7504A283B1D620AF293E05458A7D4DF10E74BFE827EA070A
sha3_384: fa65ae661ebc91ff90aa97c41ca4737c7a676d8826ce5f4aa7f50fcaabb1d633f16cf0d0b6022e7ed8b1f57e41260d0d
ep_bytes: 53b8ffff0010e8a2f9ffff5bc3ccff25
timestamp: 1995-08-29 04:02:04

Version Info:

FileDescription: JuJu
FileVersion: 2.1.2.11
LegalCopyright: Copyright 2009-2013 all authors
OriginalFilename: JuJu.exe
ProductName: JuJu
ProductVersion: 2.1.2.11
CompanyName: JuJu corporation
Translation: 0x0411 0x04b2

Win32/Kryptik.CKFL is also known as (vendor: detection name):

Bkav: W32.FamVT.GeND.Trojan
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.1aea39e3a9aedca7
Skyhigh: BehavesLike.Win32.Downloader.mm
ALYac: Trojan.Ppatre.Gen.1
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Cryptodef.Win32.2990
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004a8f1e1 )
K7GW: Trojan ( 004a8f1e1 )
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Generic.AW
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.CKFL
APEX: Malicious
TrendMicro-HouseCall: TROJ_UPATRE.SM37
ClamAV: Win.Packed.Upatre-9952430-0
Kaspersky: Trojan-Downloader.Win32.Upatre.edv
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Cryptodef.demivm
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.10bfc111
Sophos: Mal/Zbot-QL
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.DownLoader11.30467
VIPRE: Trojan.Ppatre.Gen.1
TrendMicro: TROJ_UPATRE.SM37
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Ikarus: Trojan.Win32.Bublik
Jiangmin: Trojan/Cryptodef.ax
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Crypt.XPACK.Gen
Varist: W32/Waski.T.gen!Eldorado
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: Trojan-Downloader.Win32.Upatre.edv
Cynet: Malicious (score: 100)
AhnLab-V3: Downloader/Win.Upatre.C5601519
Acronis: suspicious
McAfee: Downloader-FSH!1AEA39E3A9AE
MAX: malware (ai score=88)
VBA32: TrojanDownloader.Upatre
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Downloader.Waski!8.184 (TFE:5:7tpvb6UfNTT)
Yandex: Trojan.DL.Upatre!cW1AiAwScKE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr.dldr
BitDefenderTheta: AI:Packer.44A6E8B61F
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/Kryptik.CKFL?

Win32/Kryptik.CKFL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.