What is “Win32/Kryptik.EIO”?

Malware Removal

Win32/Kryptik.EIO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.EIO virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Win32/Kryptik.EIO?

File Info:

name: 812D1E3069518355D673.mlw
path: /opt/CAPEv2/storage/binaries/e4ed405ea4b6b39e0a1f59ee2ee13c45db80c055bbd2290e401548bd9c168b2d
crc32: 640B5FD0
md5: 812d1e3069518355d673ac89e1fac3e8
sha1: 1b4d0c82a455689ee4b9e43eb23ebc5780be02f8
sha256: e4ed405ea4b6b39e0a1f59ee2ee13c45db80c055bbd2290e401548bd9c168b2d
sha512: 344435b82aaa1fb469b56edbc2988259a429e4f88a5b0e3c3cc35a7a84dd8e1a447aa3d9d520427203f0d81debd8d3cda3f2b61ae631d703ff0a0a7ecc9f0bde
ssdeep: 3072:ItFUx6AKxj/dis1gDErWJM8H4zWtncAkuORN1402gQjK1MAzbBVgPELKAN406r/v:IXUoAi1L1gn2kk53SgQG1HB2PEBN4N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C90412D0E2F38AC9E8500BBAFD26D525763E3DDC03EBB45902CC57BCC9C42629C96496
sha3_384: a6f1430a22a60160a7a003340f5c01b518ff23f7eb2f6234398cc9ed75bae3ebc00ca9076adb734c5a07079a8f91800d
ep_bytes: 60be000043008dbe0010fdff5783cdff
timestamp: 2007-11-01 05:54:46

Version Info:

CompanyName: АЦЙтфЦХбЭюкпюйКЙЙцЗТшшАЫЮкъ
FileDescription: иаДУэяьйХЬСьПхщПорсДхгдШшхН
FileVersion: 40.64.102.19
InternalName: ъРзыГииТсЪйюЙвШЯхВбшлНифЦдцМ
LegalCopyright: 4755-4076
OriginalFilename: kDuJ.exe
ProductName: ЗлЯкЛМЗбВсжньЭЧЦыЦЭвГШваАйчф
ProductVersion: 40.64.102.19
Translation: 0x04b0 0x0417

Win32/Kryptik.EIO also known as:

Bkav: W32.AIDetect.malware1
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bredo.6
FireEye: Generic.mg.812d1e3069518355
ALYac: Gen:Variant.Bredo.6
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.65053
Sangfor: Trojan.Win32.Kryptik.EIO
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanPSW:Win32/Kryptik.4e445270
K7GW: Trojan ( f1000f011 )
K7AntiVirus: Trojan ( f1000f011 )
VirIT: Trojan.Win32.Citem.DXX
Cyren: W32/Zbot.AK.gen!Eldorado
Symantec: Trojan.Bredolab!gen10
ESET-NOD32: a variant of Win32/Kryptik.EIO
APEX: Malicious
ClamAV: Win.Trojan.Agent-423496
Kaspersky: Packed.Win32.Krap.hm
BitDefender: Gen:Variant.Bredo.6
NANO-Antivirus: Trojan.Win32.Krap.bdzjd
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Spy.Dwsz
Ad-Aware: Gen:Variant.Bredo.6
Sophos: Mal/Generic-R + Mal/Qbot-B
Comodo: MalCrypt.Indus!@1qrzi1
F-Secure: Trojan.TR/Spy.Z.qsu.183808
DrWeb: Trojan.Packed.20343
VIPRE: Trojan.Win32.Nedsym.f (v)
TrendMicro: BKDR_QAKBOT.SMC
McAfee-GW-Edition: BehavesLike.Win32.Downloader.cc
Emsisoft: Gen:Variant.Bredo.6 (B)
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Bredo.6
Jiangmin: Packed.Krap.ehbq
Webroot: W32.Malware.Gen
Avira: TR/Spy.Z.qsu.183808
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Packed]/Win32.Krap
Kingsoft: Win32.Troj.Generic.KD.(kcloud)
Arcabit: Trojan.Bredo.6
ZoneAlarm: Packed.Win32.Krap.hm
Microsoft: PWS:Win32/Zbot.gen!R
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.Krap.C4399136
McAfee: GenericRXAA-AA!812D1E306951
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: BKDR_QAKBOT.SMC
Rising: Dropper.Obitel!8.1F55 (CLOUD)
Yandex: Trojan.GenAsa!aO2MQdZZ1CI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1382627.susgen
Fortinet: W32/Krypt.A!tr.dldr
BitDefenderTheta: AI:Packer.E86C5FE81F
AVG: Win32:Trojan-gen
Cybereason: malicious.069518
Panda: Trj/Krapack.gen

How to remove Win32/Kryptik.EIO?

Win32/Kryptik.EIO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.