Win32/Kryptik.FQHJ removal guide

Win32/Kryptik.FQHJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What Win32/Kryptik.FQHJ virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • A process created a hidden window
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Deletes its original binary from disk
  • Exhibits behavior characteristic of Cerber ransomware
  • Attempts to execute a binary from a dead or sinkholed URL
  • Writes a potential ransom message to disk
  • EternalBlue behavior
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Generates some ICMP traffic
  • Collects information to fingerprint the system

Related domains:


How to determine Win32/Kryptik.FQHJ?

File Info:

crc32: 323296FE
md5: 20d1d821e96bff5344e5bf90665b1b90
name: 20D1D821E96BFF5344E5BF90665B1B90.mlw
sha1: 6d4627d869685ab21e3260246b99f696586e8375
sha256: 4bc2f201c918403e253f0e99c006ca2a0de121d95d28eb5a08a59767f86e37f8
sha512: fc053b6a70d11fd533eb351ccc556a224858d3a090cb66912c28e0ff034d8bb822bbf9747afaf226e73fd110603d5d29e583ba3b759bb73873ac03a507976469
ssdeep: 6144:rHJAFvJa3IoByv9ZkfLk+gDvJceCYLwF6zn4dt0zRt/4BZjo7SkL/R9o:rpARJa3p41ZkfLMbJcPYLLzn4u3wBp8
type: MS-DOS executable, MZ for MS-DOS

Version Info:

FileVersion: 9.1
CompanyName: WinAbility® Software Corporation
Translation: 0x0409 0x04b0

Win32/Kryptik.FQHJ also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005489e61 )
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen7.32870
CAT-QuickHeal: Ransom.Cerber.A3
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 005489e61 )
Cybereason: malicious.1e96bf
Symantec: Ransom.Cerber
ESET-NOD32: a variant of Win32/Kryptik.FQHJ
APEX: Malicious
Avast: FileRepMalware
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Zerber.fohm
BitDefender: Trojan.GenericKD.41050310
NANO-Antivirus: Trojan.Win32.Kryptik.fnnhbc
MicroWorld-eScan: Trojan.GenericKD.41050310
Tencent: Win32.Trojan.Zerber.Hqvh
Ad-Aware: Trojan.GenericKD.41050310
Sophos: Mal/Generic-R + Mal/Cerber-K
Comodo: TrojWare.Win32.Ransom.Troldesh.AB@7g1ova
BitDefenderTheta: Gen:NN.ZexaF.34142.wmuaaOXeHBdi
TrendMicro: Ransom_HPCERBER.SMONT3
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
FireEye: Generic.mg.20d1d821e96bff53
Emsisoft: Trojan.GenericKD.41050310 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.frjne
Avira: TR/Crypt.Agent.avtne
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.1F24106
Microsoft: Ransom:Win32/Cerber.I
GData: Trojan.GenericKD.41050310
VBA32: BScope.Trojan-Ransom.Zerber
MAX: malware (ai score=88)
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_HPCERBER.SMONT3
Rising: Trojan.Kryptik!1.AE9C (CLASSIC)
Yandex: Trojan.Zerber!a95pLWF1Bs4
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.FRVT!tr.ransom
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Win32/Kryptik.FQHJ?

Win32/Kryptik.FQHJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
