Should I remove "Win32/Kryptik.GDCD"?

The Win32/Kryptik.GDCD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GDCD virus can do?

Executable code extraction
Creates RWX memory
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Checks the CPU name from registry, possibly for anti-virtualization
Anomalous binary characteristics

Related domains:

ipv4bot.whatismyipaddress.com

dns1.soprodns.ru

nomoreransom.coin

nomoreransom.bit

dns2.soprodns.ru

gandcrab.bit

How to determine Win32/Kryptik.GDCD?


File Info:
crc32: 8D905E7F
md5: a53618973afc705e9a123b084976c166
name: A53618973AFC705E9A123B084976C166.mlw
sha1: 624d6445ed8ae417839e02f300472c7f04d07648
sha256: 4ef69a181f31fbf41815c6c78be1328b7d8ba1e65323e13eb455765605000a23
sha512: ea0e87fb4dc1252f0a755de4ea69dc1d79f33c2067ee71291d183978717430654384e57cdefac18ae9f51903e8d13597602bdb4f79ed1e81a62455324000eec0
ssdeep: 6144:jZJNhuNmse02+DrcuoCjccpS7RgjdQpagsTDYSf08:TNh9se02+D4lcpS9ad4LsTDC8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Kryptik.GDCD also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Emotet.Gen.3
FireEye	Generic.mg.a53618973afc705e
CAT-QuickHeal	Trojan.Chapak.ZZ6
McAfee	Packed-ZG!A53618973AFC
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0053305e1 )
BitDefender	Trojan.Emotet.Gen.3
K7GW	Trojan ( 0052743e1 )
Cybereason	malicious.73afc7
BitDefenderTheta	Gen:NN.ZexaF.34590.syW@aut7KNj
Cyren	W32/S-135e99c5!Eldorado
Symantec	Packed.Generic.525
APEX	Malicious
Avast	FileRepMalware
ClamAV	Win.Packed.Gandcrab-6502433-0
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Banker1.exzppm
ViRobot	Trojan.Win32.Ransom.302592.J
Tencent	Malware.Win32.Gencirc.10b588ba
Ad-Aware	Trojan.Emotet.Gen.3
Sophos	Mal/Generic-R + Mal/GandCrab-A
Comodo	TrojWare.Win32.Cloxer.AY@7o68fu
F-Secure	Heuristic.HEUR/AGEN.1103299
DrWeb	Trojan.PWS.Banker1.25405
Zillya	Trojan.GandCrypt.Win32.78
TrendMicro	Ransom_HPGANDCRAB.SMONT
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Emsisoft	Trojan.Emotet.Gen.3 (B)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Avira	HEUR/AGEN.1103299
MAX	malware (ai score=98)
Antiy-AVL	Trojan[Ransom]/Win32.GandCrypt
Microsoft	Ransom:Win32/GandCrab!rfn
Arcabit	Trojan.Emotet.Gen.3
SUPERAntiSpyware	Ransom.GandCrypt/Variant
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Emotet.Gen.3
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.GandCrypt.C2407383
Acronis	suspicious
VBA32	TrojanRansom.GandCrypt
Malwarebytes	Trojan.MalPack
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.GDCD
TrendMicro-HouseCall	Ransom_HPGANDCRAB.SMONT
Rising	Trojan.Kryptik!1.B048 (CLOUD)
Yandex	Trojan.GenAsa!M7GRZmxDq18
Ikarus	Trojan-Downloader.Win32.Zurgop
Fortinet	W32/GenKryptik.BAPN!worm
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	Win32/Trojan.c3b

How to remove Win32/Kryptik.GDCD?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Win32/Kryptik.GDCD”?