Win32/Kryptik.GCAT information

The Win32/Kryptik.GCAT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GCAT virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
Unconventionial language used in binary resources: Russian
Queries information on disks, possibly for anti-virtualization
Behavior consistent with a dropper attempting to download the next stage.
Detects the presence of Wine emulator via registry key
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

ec2-52-29-33-28.eu-central-1.compute.amazonaws.com

How to determine Win32/Kryptik.GCAT?


File Info:
crc32: 92CB985C
md5: 14392973e05086037e839db142c4fbb1
name: 14392973E05086037E839DB142C4FBB1.mlw
sha1: 2ffd889c1255003fb2f605f4037d2125ac261e8f
sha256: 5eda70a6e052e8b9b205631b651485fdab220e01189f68a2429a1326978f8319
sha512: 3a37dedec5f632bd9a2a8a1817c524980a9b86ef5c178534b4709755d9b2b683f952f2d096414572775a4984ab43df0ccfb3189d474c89cf4096761d032dc803
ssdeep: 49152:i66j8KvnolQvw/2Bju1dchPGct4yuEeVhGAfC+lRM:iaKfoawrKPGctAVfjfM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2005-2017 Piriform Ltd
InternalName: ccleaner
FileVersion: 5, 32, 00, 6129
CompanyName: Piriform Ltd
Comments: CCleaner
ProductName: CCleaner
ProductVersion: 5, 32, 00, 6129
FileDescription: CCleaner
OriginalFilename: ccleaner.exe
Translation: 0x0409 0x04b0

Win32/Kryptik.GCAT also known as:

K7AntiVirus	Trojan ( 005241d51 )
Elastic	malicious (high confidence)
DrWeb	Trojan.InstallCube.2647
Cynet	Malicious (score: 100)
CAT-QuickHeal	SwBundler.ICLoader.YB5
ALYac	Gen:Variant.Adware.ICloader.Barys.7
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.1353657
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
Alibaba	Trojan:Win32/Katusha.61cffbd4
K7GW	Trojan ( 005241d51 )
Cybereason	malicious.3e0508
Cyren	W32/S-af01ab11!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GCAT
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
ClamAV	Win.Packed.Icloader-6952325-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Adware.ICloader.Barys.7
NANO-Antivirus	Trojan.Win32.InstallCube.exewhl
MicroWorld-eScan	Gen:Variant.Adware.ICloader.Barys.7
Tencent	Malware.Win32.Gencirc.114cef4d
Ad-Aware	Gen:Variant.Adware.ICloader.Barys.7
Sophos	Mal/Generic-S
Comodo	Application.Win32.ICLoader.GEM@7kji8x
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Packed-OF!14392973E050
FireEye	Generic.mg.14392973e0508603
Emsisoft	Application.AdLoad (A)
SentinelOne	Static AI – Malicious PE
Avira	TR/Crypt.XPACK.Gen
Microsoft	PUADlManager:Win32/InstallCube
GData	Gen:Variant.Adware.ICloader.Barys.7
AhnLab-V3	PUP/Win32.ICLoader.R218959
Acronis	suspicious
McAfee	Packed-OF!14392973E050
MAX	malware (ai score=96)
VBA32	BScope.Trojan.InstallCube
Malwarebytes	Adware.FileTour
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.AFA6 (CLASSIC)
Yandex	Trojan.GenAsa!qcxgSRfj7gI
Ikarus	PUA.Win32.ICLoader
MaxSecure	Packed.Packed.WIN32.Katusha.gen_211988
Fortinet	W32/CoinMiner.GYQC!tr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml

How to remove Win32/Kryptik.GCAT?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.GCAT information