Malware

How to remove “Win32/Kryptik.GEFZ”?

Malware Removal

The Win32/Kryptik.GEFZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Kryptik.GEFZ virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Detects Sandboxie through the presence of a library
  • Attempts to remove evidence of file being downloaded from the Internet
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself

Related domains:

sadasdxzczxaik2.xyz
sadasdxzcasdxaik2.xyz
oltarkwosm.online
ww38.oltarkwosm.online
skjdfhjbitbit.bit
santalopezcruz.bit

How to determine Win32/Kryptik.GEFZ?



File Info:

crc32: E5B44028
md5: a67eada0b1e595d89805654097118780
name: A67EADA0B1E595D89805654097118780.mlw
sha1: a2912eb474a57b5f6f0f4200c18a11681224ee10
sha256: abfaac7097fb5a3d1fad825cd894645da38133dd953adaac7050fe7d5369eb94
sha512: 5e5ae6c7db140b0514b2c2b7b5d084fc362fa83d44fd0275d3a131fe1cb8583ff9d1073f59c8290f0ff1b543432328f16a9b73bcfecf707a9fc3df089ea3013c
ssdeep: 12288:F3IobHu9QTXCGg2g6vXFNuQEDbcZHaqF7l/c4MHbH0ERs:NNbHuWpvVREDbnqF7l/xUUr
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (c) 2006-2014 
InternalName: TwnJacks
FileVersion: 8.8.7.5
CompanyName: Nero AG
LegalTrademarks: Copyright (c) 2006-2014 
ProductName: TwnJacks
ProductVersion: 8.8.7.5
FileDescription: Zombied Summary
OriginalFilename: TwnJacks.exe
Translation: 0x0409 0x04b0

Win32/Kryptik.GEFZ also known as:

BkavW32.AIDetect.malware2
K7AntiVirusTrojan ( 0056e97b1 )
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
ALYacTrojan.Autoruns.GenericKDS.44436884
CylanceUnsafe
CrowdStrikewin/malicious_confidence_70% (D)
K7GWTrojan ( 0056e97b1 )
Cybereasonmalicious.0b1e59
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.GEFZ
APEXMalicious
AvastWin32:Malware-gen
KasperskyTrojan-Ransom.Win32.Foreign.nzcq
BitDefenderTrojan.Autoruns.GenericKDS.44436884
NANO-AntivirusTrojan.Win32.MalwareCrypter.eyunly
MicroWorld-eScanTrojan.Autoruns.GenericKDS.44436884
TencentWin32.Trojan.Foreign.Lmks
Ad-AwareTrojan.Autoruns.GenericKDS.44436884
ComodoMalware@#2nvxw6qs7dsqt
BitDefenderThetaGen:NN.ZexaF.34758.Eq0@aKan6oli
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Dropper.gh
FireEyeGeneric.mg.a67eada0b1e595d8
EmsisoftTrojan.Autoruns.GenericKDS.44436884 (B)
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1115366
Antiy-AVLTrojan/Generic.ASMalwS.24F470C
MicrosoftTrojan:Win32/Occamy.B
ArcabitTrojan.Autoruns.GenericS.D2A60D94
AegisLabTrojan.Win32.Foreign.j!c
GDataTrojan.Autoruns.GenericKDS.44436884
AhnLab-V3Malware/Win32.Generic.C2473354
Acronissuspicious
McAfeeArtemis!A67EADA0B1E5
MAXmalware (ai score=97)
PandaTrj/CI.A
YandexTrojan.Foreign!V6p1Y1z0DdU
IkarusTrojan-Ransom.GandCrab
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove Win32/Kryptik.GEFZ?

Win32/Kryptik.GEFZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment