
Win32/Kryptik.CMHS removal tips


Win32/Kryptik.CMHS is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Win32/Kryptik.CMHS virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/Kryptik.CMHS?

File Info:

name: 1F5AB78F2A2F11D2D4CC.mlw
path: /opt/CAPEv2/storage/binaries/0085b08e2810c1b43c31c3b26968b022978a816464bd36f6a5475657cb4eca24
crc32: 7AB49C8D
md5: 1f5ab78f2a2f11d2d4cc2a7c9d430123
sha1: 04cb8fa085b6dbbab93c399a9dc5713e6ab751a6
sha256: 0085b08e2810c1b43c31c3b26968b022978a816464bd36f6a5475657cb4eca24
sha512: 9647df670cd59d507823dc4422191dc20bc26b1f280da95bd369acd127b6fd033d2ac6fabfd72a2d3d152c83920af84e9df8e6ae2a8dd155b465241823807726
ssdeep: 192:yuJ5vKe3A1u3X0Aaolso1Q/9TukoRxj/Qhw/9LtHwXJVRufVJ:yuJ5ie3Aw3Xflu/9akoLjJ9LtHwLRS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10BA273788BD60AB8F622CEB249B2865B7534BD117362079B4550BA714C33DF39F3E894
sha3_384: eff3735d6adac3ad64630eeaa6ee8a91403463873b5de4da97119f0f7b1185a60bb86022db12a63162effbffa6b9f195
ep_bytes: 55505050e827f2ffff5dc3ff6a8b6acc
timestamp: 2071-10-05 01:41:45

Version Info:

CompanyName: FASTER
FileDescription: FASTER company
FileVersion: Version 0.1.8
InternalName: FASTER
LegalCopyright: Copyright by FASTER Inc.
OriginalFilename: FASTER
Translation: 0x0416 0x04e4

Win32/Kryptik.CMHS also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.1f5ab78f2a2f11d2
CAT-QuickHeal: TrojanDwnldr.Upatre.AA4
ALYac: Trojan.Ppatre.Gen.1
Cylance: Unsafe
Zillya: Downloader.Upatre.Win32.54397
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.f2a2f1
BitDefenderTheta: Gen:NN.ZexaF.34114.bq1@aijOHMnO
VirIT: Trojan.Win32.Generic.DCC
Cyren: W32/A-10a39d23!Eldorado
Symantec: Downloader.Upatre!gen5
ESET-NOD32: a variant of Win32/Kryptik.CMHS
APEX: Malicious
ClamAV: Win.Downloader.Upatre-5744092-0
Kaspersky: Trojan-Downloader.Win32.Upatre.elp
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Kryptik.dgtmdt
Avast: Win32:Agent-AULS [Trj]
Tencent: Malware.Win32.Gencirc.10b1adf6
Ad-Aware: Trojan.Ppatre.Gen.1
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Waski.EB@5j320p
Baidu: Win32.Trojan-Downloader.Waski.a
VIPRE: LooksLike.Win32.Upatre.a (v)
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.mm
Sophos: ML/PE-A + Troj/Agent-AJCY
GData: Trojan.Ppatre.Gen.1
Jiangmin: TrojanDownloader.Upatre.gv
Avira: TR/Crypt.ZPACK.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.C78D69
Arcabit: Trojan.Ppatre.Gen.1
Microsoft: Trojan:Win32/PWSZbot.GSB!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Downloader.R120631
Acronis: suspicious
McAfee: Downloader-FSH
MAX: malware (ai score=86)
VBA32: TrojanDownloader.Upatre
Malwarebytes: Trojan.Downloader
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Downloader.Waski!1.A489 (RDMK:cmRtazqx9UB4beKIdrUHXyyJBOjI)
Yandex: Trojan.GenAsa!zbyKuNjPV4k
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr
AVG: Win32:Agent-AULS [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Kryptik.CMHS?

Win32/Kryptik.CMHS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.