
Win32/Kryptik.CNCB removal instructions


Win32/Kryptik.CNCB is ESET's detection name for this sample. Kryptik is a generic label for packed or obfuscated executables rather than a family name; most other engines in the list below classify the same file as the Upatre downloader (Trojan.Upatre, Downloader.Upatre, TROJ_UPATRE). When the infection is active you may notice unfamiliar processes in Task Manager, because the sample drops a second binary and executes it. If you see these signs, scan the computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
6-day free trial available.

What can Win32/Kryptik.CNCB do?

The following CAPE sandbox signatures fired when the sample was detonated. Taken together they are consistent with a packed downloader that unpacks itself in memory, drops and runs a second executable, and carries forged build metadata:

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/Kryptik.CNCB?

File Info:

name: 6B1803FCB488769FD275.mlw
path: /opt/CAPEv2/storage/binaries/02a375200007c1658c613d0f399586b160ee601519fb124679e51191e013eabf
crc32: AF3267CB
md5: 6b1803fcb488769fd2758afeee48ea95
sha1: 091cb81776b5964708728c35e604ff1ed811f8cc
sha256: 02a375200007c1658c613d0f399586b160ee601519fb124679e51191e013eabf
sha512: 7681675403c164efb6644984ebccee57b0f076cd6e4d33c690778d34c2794f86ebe54e223ccc970ea885f2a602764cf3b1da164c409183ed49752e168f6f2b62
ssdeep: 192:TpHkSRkLSdUw0aniGrBGSZyW+FHi9VLSJ1imROQOKBQqk6674AfWfdoEFpoo+GPS:TNButwXoJSLS7b4Kd67PWfzF/35I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T108B2B7E452CEED99FD4A193D4A35A207857AFD765F2902DFAD90781E0C336C3A132A43
sha3_384: 03c834caea72ce9468ce2826bd85fe71afc4976b0d3d48f80e079162534bdac304ef3ccf4ab163e0cd7e21d441bf0067
ep_bytes: b9ff00ff0051e8d0f9ffffe960e3ffff
timestamp: 2087-10-16 02:11:06 (PE header link time; a date in the future cannot be genuine, which is the timestomping indicator listed above)

Version Info:

CompanyName: KING
Copy: No
FileDescription: KING Corporation
FileVersion: Version 70.163
InternalName: KING
LegalCopyright: Copyright by KING Corporation
OriginalFilename: KING
Translation: 0x0416 0x04e2 (language ID 0x0416 = Portuguese (Brazil), the "unconventional language" indicator listed above; code page 0x04e2 = 1250)
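The timestamp and entry-point fields above, together with the "Binary compilation timestomping detected" and "Sample contains Overlay data" signatures, can be reproduced directly from the raw PE headers. The script below is an added example and is not part of the original page or of CAPE. It uses only the Python standard library, builds a constructed one-section PE32 that mimics the compile timestamp (2087-10-16 02:11:06) and entry-point bytes reported above, and runs the checks on it. The names analyze_pe, build_sample_pe and SAMPLE are my own, and the appended overlay is constructed, not taken from the real sample.

```python
"""Static triage of the 'File Info' indicators above: PE compile timestamp
sanity (timestomping), overlay data past the last section, and the first
bytes at the entry point. Stdlib only; no pefile dependency."""
import datetime
import struct

UTC = datetime.timezone.utc
EPOCH = datetime.datetime(1970, 1, 1, tzinfo=UTC)


def analyze_pe(data, now=None):
    """Return static indicators for a PE image held in memory as bytes."""
    if now is None:
        now = datetime.datetime.now(UTC)
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10b = PE32, 0x20b = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                      # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, vaddr, rawsize, rawptr))
    # Overlay: bytes after the last section's raw data. The loader never maps them,
    # so packers and droppers use that space for payloads and configuration.
    end_of_sections = max((p + s for _, _, _, s, p in sections), default=0)
    overlay = max(0, len(data) - end_of_sections)
    # Map the entry-point RVA to a file offset through the section table.
    ep_bytes = b""
    for _, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            foff = rawptr + (ep_rva - vaddr)
            ep_bytes = data[foff:foff + 16]
            break
    compiled = EPOCH + datetime.timedelta(seconds=ts)      # avoids fromtimestamp platform limits
    return {
        "machine": hex(machine),
        "pe32plus": magic == 0x20B,
        "timestamp_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        # A link time of zero or in the future cannot be genuine: timestomping.
        "timestamp_suspicious": ts == 0 or compiled > now,
        "sections": [s[0] for s in sections],
        "overlay_bytes": overlay,
        "ep_bytes": ep_bytes.hex(),
    }


def build_sample_pe(timestamp, ep_bytes, overlay=b""):
    """Constructed minimal PE32 with one .text section (NOT the real sample;
    only the header fields discussed on the page are mimicked)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                            # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                            # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)                    # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)              # Section/File alignment
    sec = opt + 0xE0                                                   # first section header
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x1000, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, sec + 36, 0x60000020)                  # CODE | EXECUTE | READ
    img[0x200:0x200 + len(ep_bytes)] = ep_bytes
    return bytes(img) + overlay


# Timestamp and ep_bytes are the values from the File Info block; the overlay is constructed.
PAGE_TIMESTAMP = int((datetime.datetime(2087, 10, 16, 2, 11, 6, tzinfo=UTC) - EPOCH).total_seconds())
PAGE_EP_BYTES = bytes.fromhex("b9ff00ff0051e8d0f9ffffe960e3ffff")
SAMPLE = build_sample_pe(PAGE_TIMESTAMP, PAGE_EP_BYTES, overlay=b"\x00" * 64 + b"constructed-overlay")

if __name__ == "__main__":
    for key, value in analyze_pe(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a real file with `analyze_pe(open(path, "rb").read())`; a future or zero link time, a large overlay, and entry-point bytes that jump straight into a decoder loop are all worth a second look before trusting any of the version-info strings.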

Win32/Kryptik.CNCB also known as:

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Upatre.Gen.3
CAT-QuickHeal: TrojanDwnldr.Upatre.AA4
ALYac: Trojan.Upatre.Gen.3
Cylance: Unsafe
VIPRE: Trojan.Upatre.Gen.3
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Generic.CZS
Cyren: W32/Trojan.YBNJ-9394
Symantec: Downloader.Upatre!gen5
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.CNCB
APEX: Malicious
ClamAV: Win.Trojan.Downloader-66467
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Upatre.Gen.3
NANO-Antivirus: Trojan.Win32.Upatre.djbjoc
Avast: Win32:Agent-AULS [Trj]
Tencent: Malware.Win32.Gencirc.10b5730f
Ad-Aware: Trojan.Upatre.Gen.3
Emsisoft: Trojan.Upatre.Gen.3 (B)
DrWeb: Trojan.Upatre.3499
Zillya: Trojan.Kryptik.Win32.776932
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Downloader.mm
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.6b1803fcb488769f
Sophos: ML/PE-A + Mal/Zbot-QL
Ikarus: Trojan-Downloader.Win32.Upatre
GData: Win32.Trojan.PSE1.R5PYO1
Jiangmin: Trojan/Generic.bjggo
Avira: HEUR/AGEN.1233315
Antiy-AVL: Trojan/Generic.ASMalwS.3CF7
Arcabit: Trojan.Upatre.Gen.3
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/PWSZbot.GSB!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ZBot.R121305
McAfee: Downloader-FSH
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Upatre
Malwarebytes: Malware.AI.2751275052
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Trojan.Generic@AI.93 (RDML:LeTazs1minJTbsaXF2n7Pg)
Yandex: Trojan.Kryptik!NKXQC88HeL0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Waski.A!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.bq1@a8ldsSgG
AVG: Win32:Agent-AULS [Trj]
Cybereason: malicious.cb4887
Panda: Trj/Genetic.gen
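A multi-engine list like the one above is most useful once it is normalized: class and confidence words (Trojan, Win32, HEUR, Gen, Generic) are stripped, and each remaining token is counted once per vendor. Doing that shows that "Kryptik" is named by three engines while "Upatre" is named by fifteen, which is why the file is better tracked as Upatre. The script below is an added example, not code from the page; the label text is copied from the vendor list above, and the GENERIC stop-word set and the function name family_consensus are my own choices.

```python
"""Family consensus from the multi-engine detection names listed above:
strip generic words, count each remaining token once per vendor, rank."""
import re
from collections import Counter

# Copied from the vendor list on this page, one "Vendor: detection name" per line.
LABELS = """\
Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Upatre.Gen.3
CAT-QuickHeal: TrojanDwnldr.Upatre.AA4
ALYac: Trojan.Upatre.Gen.3
Cylance: Unsafe
VIPRE: Trojan.Upatre.Gen.3
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Generic.CZS
Cyren: W32/Trojan.YBNJ-9394
Symantec: Downloader.Upatre!gen5
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.CNCB
APEX: Malicious
ClamAV: Win.Trojan.Downloader-66467
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Upatre.Gen.3
NANO-Antivirus: Trojan.Win32.Upatre.djbjoc
Avast: Win32:Agent-AULS [Trj]
Tencent: Malware.Win32.Gencirc.10b5730f
Ad-Aware: Trojan.Upatre.Gen.3
Emsisoft: Trojan.Upatre.Gen.3 (B)
DrWeb: Trojan.Upatre.3499
Zillya: Trojan.Kryptik.Win32.776932
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Downloader.mm
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.6b1803fcb488769f
Sophos: ML/PE-A + Mal/Zbot-QL
Ikarus: Trojan-Downloader.Win32.Upatre
GData: Win32.Trojan.PSE1.R5PYO1
Jiangmin: Trojan/Generic.bjggo
Avira: HEUR/AGEN.1233315
Antiy-AVL: Trojan/Generic.ASMalwS.3CF7
Arcabit: Trojan.Upatre.Gen.3
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/PWSZbot.GSB!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ZBot.R121305
McAfee: Downloader-FSH
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Upatre
Malwarebytes: Malware.AI.2751275052
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Trojan.Generic@AI.93 (RDML:LeTazs1minJTbsaXF2n7Pg)
Yandex: Trojan.Kryptik!NKXQC88HeL0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Waski.A!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.bq1@a8ldsSgG
AVG: Win32:Agent-AULS [Trj]
Cybereason: malicious.cb4887
Panda: Trj/Genetic.gen
"""

# Class and confidence words that carry no family information (my own stop-word list).
GENERIC = {"trojan", "troj", "trj", "win32", "win", "w32", "generic", "gen", "heur",
           "malware", "malicious", "unsafe", "suspicious", "variant", "downloader",
           "static", "confidence", "high", "score", "moderate", "behaveslike"}


def family_consensus(labels_text, min_votes=2):
    """Return (vendor_count, [(family_token, votes), ...]) ranked by votes."""
    votes = Counter()
    vendors = 0
    for line in labels_text.splitlines():
        vendor, sep, label = line.partition(":")   # vendor name precedes the first colon
        if not sep or not label.strip():
            continue
        vendors += 1
        # Tokenize on anything that is not a letter; a vendor votes once per token.
        tokens = {t for t in re.split(r"[^a-z]+", label.lower()) if len(t) >= 4}
        for t in tokens - GENERIC:
            votes[t] += 1
    return vendors, [(t, n) for t, n in votes.most_common() if n >= min_votes]


if __name__ == "__main__":
    count, ranked = family_consensus(LABELS)
    print(f"{count} vendors; family votes: {ranked}")
```

Tokens named by a single vendor (such as ESET's CNCB variant suffix or Cyren's YBNJ) fall below min_votes and are dropped, so the ranking reflects agreement rather than any one vendor's naming scheme.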

How to remove Win32/Kryptik.CNCB?

Win32/Kryptik.CNCB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because the sample drops and executes a second binary (see the indicators above), check that the dropped file and anything it created are quarantined as well, not only the original downloader. The hashes in the File Info section can be used to confirm whether a suspect file is this sample.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
