Categories: Malware

Win32/Kryptik.EGGR information

The Win32/Kryptik.EGGR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.EGGR virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
A process created a hidden window
Unconventionial language used in binary resources: Danish
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Attempts to stop active services
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Creates a copy of itself
Attempts to create or modify system certificates
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Win32/Kryptik.EGGR?


File Info:
crc32: DE994256md5: 7066ccfb34a503e92b126d73a6bdbfc0name: 7066CCFB34A503E92B126D73A6BDBFC0.mlwsha1: b5230add42c358456f8aa5b46f32ab01963c76a0sha256: 05664cda58aa6857c513f189a6d25ba969212723fb5badb286a75ad7883fd9e1sha512: e23e5e24966eda8650f8fc994aca0522ddaba4d24232d16d8a2afadd970236019a50eb100f3e9e9cf38b1c1fac3497487fcbbe9479764749888fdd62e6641bcdssdeep: 6144:gUQcksnxq7pth5N1HxvDkrPSH+EN/ULJeWk:pdxQpth5vhDP+4UAWktype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Sonic Foundry, Inc. Copyright xa9. 1999 - 2014InternalName: AutotextFileVersion: 8.5.87.7CompanyName: Sonic Foundry, Inc.PrivateBuild: 8.5.87.7LegalTrademarks: Sonic Foundry, Inc. Copyright xa9. 1999 - 2014Comments: Attractive Included Cmplimentary Folk InfringesProductName: AutotextLanguages: EnglishProductVersion: 8.5.87.7FileDescription: Attractive Included Cmplimentary Folk InfringesOriginalFilename: AutotextTranslation: 0x0406 0x04b0

Win32/Kryptik.EGGR also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 00519a301 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.11008
Malwarebytes	MachineLearning/Anomalous.100%
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 00519a301 )
Cybereason	malicious.d42c35
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.EGGR
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Fury.lq
Alibaba	Ransom:Win32/Kryptik.04d34aa4
NANO-Antivirus	Trojan.Win32.Fury.faldeo
Tencent	Win32.Trojan.Fury.Aexq
Sophos	Mal/Generic-S
Comodo	Malware@#24hbafprc1l19
BitDefenderTheta	Gen:NN.ZexaF.34088.ou0@ayj3aadG
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Mal_MiliCry-1h
McAfee-GW-Edition	Generic.clm
FireEye	Generic.mg.7066ccfb34a503e9
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Fury.do
Avira	HEUR/AGEN.1108827
Antiy-AVL	Trojan/Generic.ASMalwS.2246AB6
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Ransom:Win32/Genasom
ZoneAlarm	Trojan-Ransom.Win32.Fury.lq
AhnLab-V3	Win-Trojan/Sagecrypt.Gen
Acronis	suspicious
VBA32	Trojan-Ransom.Fury
MAX	malware (ai score=99)
TrendMicro-HouseCall	Mal_MiliCry-1h
Rising	Trojan.Generic@ML.100 (RDML:orYg6OYaIlD9mHRfqB2J7Q)
Yandex	Trojan.Fury!qe851808WkU
Ikarus	Trojan.Crypt
Fortinet	W32/Fury.LQ!tr
Panda	Trj/CI.A
Qihoo-360	Win32/Ransom.Fury.HwoCEpsA