Categories: Malware

Win32/Kryptik.GCZE information

The Win32/Kryptik.GCZE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GCZE virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
A process created a hidden window
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
Creates a copy of itself
A cryptomining command was executed
Uses suspicious command line tools or Windows utilities

How to determine Win32/Kryptik.GCZE?


File Info:
name: 7A15EA14137097688684.mlwpath: /opt/CAPEv2/storage/binaries/987bcfb0c2de66534390930961a8a25206c8a123ec022c9b2a8682604f924caccrc32: A572076Bmd5: 7a15ea141370976886849024d612d639sha1: 962deef2aa9db860797a33cc3266a19418e106e7sha256: 987bcfb0c2de66534390930961a8a25206c8a123ec022c9b2a8682604f924cacsha512: 6e147ee9385222d6aa28190207939e827dad7266f1d24c5e20eaa34c8796506aade6ca6642fcb8ddecbffa2afe7a2c4656c2ba840afa569fde897d713a790ab4ssdeep: 12288:ORPAn6V8XEnh15rL62LKs7RAdJW9t3BHlPcjS1GFAVKJ:ORId0nTNL6KKs7RuW9RBH1c+nmtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16EA4239D59146CC8D3384F3A591AF3F590C994938F7071641F0DC0EB8FB6BE9A78921Asha3_384: 576c4c9e9204501dd2c9a644262b17970a3def454756d242c5056230351aa446ce34c93232523e324b2b7f32506e2775ep_bytes: 60be00a0b3008dbe00708cff57eb0b90timestamp: 2007-07-11 07:46:39
Version Info:
FileVersion: 10.1.10.11LegalCopyright: Copyright (C) 2017, agnodngoudrbProductVersion: 10.1.10.11Translation: 0x0809 0x04b0

Win32/Kryptik.GCZE also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	DeepScan:Generic.BrResMon.1.37E05900
FireEye	Generic.mg.7a15ea1413709768
CAT-QuickHeal	W32.Virut.G
ALYac	DeepScan:Generic.BrResMon.1.37E05900
Cylance	Unsafe
K7AntiVirus	Trojan ( 00526c541 )
K7GW	Trojan ( 00526c541 )
Cybereason	malicious.413709
Symantec	W32.Virut.CF
ESET-NOD32	a variant of Win32/Kryptik.GCZE
APEX	Malicious
ClamAV	Win.Packed.Ulpm-9799291-0
Kaspersky	Virus.Win32.Virut.ce
BitDefender	DeepScan:Generic.BrResMon.1.37E05900
NANO-Antivirus	Trojan.Win32.Androm.exxymm
Ad-Aware	DeepScan:Generic.BrResMon.1.37E05900
TACHYON	Virus/W32.Virut.Gen
Emsisoft	DeepScan:Generic.BrResMon.1.37E05900 (B)
Comodo	Virus.Win32.Virut.CE@5jedjj
McAfee-GW-Edition	W32/Virut.ad.gen
Sophos	ML/PE-A + Mal/GandCrab-B
SentinelOne	Static AI – Malicious PE
Jiangmin	Win32/Virut.bv
Avira	W32/Virut.Gen
Antiy-AVL	Trojan/Generic.ASVirus.2F
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	DeepScan:Generic.BrResMon.1.37E05900
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Virut.E
McAfee	W32/Virut.ad.gen
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Tiggre
Malwarebytes	Trojan.MalPack
Panda	W32/Sality.AO
Rising	Malware.Obscure/Heur!1.A89E (CLASSIC)
Yandex	Trojan.GenAsa!Qt8+6lTfHcY
Ikarus	Virus.Win32.Virut
eGambit	Unsafe.AI_Score_53%
Fortinet	W32/Kryptik.GLKY!tr
BitDefenderTheta	AI:Packer.5CA7C84B1F
AVG	Win32:Crypt-KOW [Trj]
Avast	Win32:Crypt-KOW [Trj]
CrowdStrike	win/malicious_confidence_70% (D)
MaxSecure	Trojan.Malware.300983.susgen