Categories: Malware

About “Win32/Kryptik.CTUB” infection

The Win32/Kryptik.CTUB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.CTUB virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Arabic
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Kryptik.CTUB?


File Info:
name: 012566768B75BEBEA8E9.mlwpath: /opt/CAPEv2/storage/binaries/1a19be8ae2b5f15517a6eeb455dd0f62e01cb216db12e32e5916305b37af348dcrc32: 2FFB2EC6md5: 012566768b75bebea8e9f9911e8e1d08sha1: 77c14f4eaa471a00d6e3635dc640b0c4e7b2ef0csha256: 1a19be8ae2b5f15517a6eeb455dd0f62e01cb216db12e32e5916305b37af348dsha512: 1f50979de07f8028c045b5c88755934e1fa1427e778cd127162eef0d12eac68a6f6797c6b48f68f87001235b609eecdc5801aa41e65b2f710740d2aedd99ac22ssdeep: 6144:fC9yyk0u1sLS1BCr4nPilnL+Lqp8hBhmk30p0bSHiF9sYVB+uSDMquR56kscj914:IBZgkL++Xk3TfT+uNFnDiZUdG/t4sDtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T176B4F153E787CFA2D3B524B5018B2B294B346AC452952D0353ECD8AA76D77B2304F7ACsha3_384: 6dda8fd2b884ac75d2af0101d0e4940602ace192c5f7904690a37002a6c1171c655dfa576625af546f86856d37213868ep_bytes: 558bec81eca0010000b8c00000008985timestamp: 2010-02-11 01:45:03
Version Info:
ProductVersion: 13.29.12559.17888OriginalFilename: lbaess.exeCompanyName: Emnsaem CorporatuFileDescription: Emnsaem Visatl Studie 2020FileVersion: 13.29.12559.17888InternalName: laess.exeTranslation: 0x0409 0x04b0

Win32/Kryptik.CTUB also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
ClamAV	Win.Trojan.Agent-1329235
FireEye	Generic.mg.012566768b75bebe
CAT-QuickHeal	TrojanSpy.Zbot.MUE.A6
McAfee	Trojan-FFFI!012566768B75
Cylance	Unsafe
VIPRE	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
Sangfor	Trojan.Win32.Kryptik.CTUB
K7AntiVirus	Spyware ( 0040f9df1 )
K7GW	Spyware ( 0040f9df1 )
Cybereason	malicious.68b75b
Baidu	Win32.Adware.Kryptik.d
VirIT	Trojan.Win32.Panda.LKX
Cyren	W32/Zbot.VQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.CTUB
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
NANO-Antivirus	Trojan.Win32.Panda.dlixko
Avast	Win32:Agent-AUYE [Trj]
Tencent	Malware.Win32.Gencirc.10c73d7c
Ad-Aware	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
Emsisoft	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO (B)
Comodo	TrojWare.Win32.PWS.Zbot.CGI@5j78ox
DrWeb	Trojan.PWS.Panda.7719
Zillya	Trojan.Zbot.Win32.172020
TrendMicro	TSPY_ZBOT.SMAC
McAfee-GW-Edition	Trojan-FFFI!012566768B75
Sophos	ML/PE-A + Mal/Zbot-TA
SentinelOne	Static AI – Malicious PE
GData	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
Jiangmin	Trojan/Generic.azska
Avira	TR/Dropper.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.3303
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Microsoft	PWS:Win32/Zbot
Google	Detected
AhnLab-V3	Malware/Win32.Generic.C680444
BitDefenderTheta	AI:Packer.A547411F20
ALYac	Gen:Trojan.Heur2.FU.Fu1@au0R5WEO
Malwarebytes	Trojan.Zemot
TrendMicro-HouseCall	TSPY_ZBOT.SMAC
Rising	Malware.Undefined!8.C (TFE:3:4k6i2NBuFCM)
Yandex	Trojan.GenAsa!nkxEnkBRnhc
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.DSCV!tr
AVG	Win32:Agent-AUYE [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (D)