Win32/Kryptik.EEVG malicious file

The Win32/Kryptik.EEVG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.EEVG virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Compression (or decompression)
Creates RWX memory
Performs some HTTP requests
Looks up the external IP address
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Behavior consistent with a dropper attempting to download the next stage.
Exhibits behavior characteristic of Upatre downloader
Attempts to modify proxy settings
Mimics icon used for popular non-executable file format
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

icanhazip.com

How to determine Win32/Kryptik.EEVG?


File Info:
crc32: DDE6DE1A
md5: 164be333c6d0d8c10c85eef63b10d91f
name: 164BE333C6D0D8C10C85EEF63B10D91F.mlw
sha1: e1210e10e9e473610a5cc116af33b1a69dfbbb31
sha256: f8f3a30630d7be83242535bd984e18aaf3a87de15bc6b3a866861373b445690f
sha512: 6b4c4926184a134a6f03a831c4fb13777effe208e3b117591b3c1828696d73f5dda8d7381db72e252937d2ce4c6c1adc054eac3c2c22b1b9d648ae6922aa3d90
ssdeep: 384:sxVbjozjGL59XsOX8qVEGQyQ/HaPQK9u8erXmcFAfBcpHUOK41024J+dYxpmBHo:4VI+LfrsFtGMXXmBqhF0DsgpmF3u/f
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Kryptik.EEVG also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Upatre.Gen.1
FireEye	Generic.mg.164be333c6d0d8c1
McAfee	Downloader-FAHF!164BE333C6D0
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0055dd191 )
BitDefender	Trojan.Upatre.Gen.1
K7GW	Trojan ( 0055dd191 )
Cybereason	malicious.3c6d0d
BitDefenderTheta	Gen:NN.ZexaF.34804.bCX@amathxfi
Cyren	W32/Upatre.GF.gen!Eldorado
Symantec	Downloader.Upatre!g18
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.MlwGen.dysysh
Rising	Trojan.Win32.Kryptik.an (CLOUD)
Ad-Aware	Trojan.Upatre.Gen.1
Sophos	ML/PE-A + Troj/Upatre-WK
Comodo	TrojWare.Win32.TrojanDownloader.Upatre.PUD@65ocu5
F-Secure	Trojan.TR/Dropper.Gen
Baidu	Win32.Trojan.Kryptik.rl
TrendMicro	TROJ_UPATRE.SMDJM
McAfee-GW-Edition	BehavesLike.Win32.Worm.mh
Emsisoft	Trojan.Upatre.Gen.1 (B)
Ikarus	Trojan.Kryptik
Jiangmin	Trojan.Generic.fkzp
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	TrojanDownloader:Win32/Upatre!rfn
Arcabit	Trojan.Upatre.Gen.1
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Upatre.Gen.1
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Downloader.R168295
Acronis	suspicious
VBA32	BScope.Trojan.Dynamer
ALYac	Trojan.Upatre.Gen.1
MAX	malware (ai score=100)
Malwarebytes	Malware.Heuristic.1001
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Kryptik.EEVG
TrendMicro-HouseCall	TROJ_UPATRE.SMDJM
Tencent	Win32.Trojan.Crypt.Dwtn
Yandex	Trojan.Kryptik!2k7HGkiBqRg
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Kryptik.EEVG!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM19.1.Malware.Gen

How to remove Win32/Kryptik.EEVG?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.EEVG malicious file