About “Win32/Kryptik.GEQU” infection

Win32/Kryptik.GEQU is flagged as malicious by a large number of antivirus engines (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can Win32/Kryptik.GEQU do?

The following behaviours were recorded when the sample was run under automated (sandbox) analysis:

  • Executable code extraction
  • Creates RWX (read-write-execute) memory, typical of in-memory unpacking or code injection
  • A process attempted to delay the analysis task (sleep-based sandbox evasion)
  • Repeatedly searches for a process that is not running (the analysis tool suggests re-running with its startbrowser=1 option)
  • The binary likely contains encrypted or compressed data (packed)
  • Detects Sandboxie through the presence of a library (SbieDll.dll)
  • Attempts to remove evidence of the file being downloaded from the Internet (typically by deleting the Zone.Identifier alternate data stream that carries the mark-of-the-web)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware configuration
  • A system process is generating network traffic, likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself

How to identify Win32/Kryptik.GEQU?

File Info:

crc32: DC2319F2
md5: 8ca712835d751df9c1e1a4e17d7269f2
name: 8CA712835D751DF9C1E1A4E17D7269F2.mlw
sha1: 1e8d21162f9f97a383365b8da917c3f64389edf8
sha256: 746d94b8b2a5e50f6e7f653c94e0332b20591568a9f56a63cffd3229067638e3
sha512: 5be228e1f668d3363fd0d119e785e485a94d2f038ae3a0bd87860428700eea8ed8e2d9e510917131679508e0cc6d0a0c872593fe222628db705d99f8d7f5c3aa
ssdeep: 3072:hWn2Pbhg8PRGe39+1OkrdJlSDMaSeFZCpmCH6O/8ZAT16hU8CLAisWt:0nmpgw+PdJQD2+wmwT8eT4G/f
type: PE32 executable (GUI) Intel 80386, for MS Windows
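
To check a suspect file against the hashes in the File Info block, the following Python script (an added example, not code from the page or from GridinSoft) computes crc32, md5, sha1, sha256 and sha512 in a single pass over the file and reports which of the page's values match. The IOC values are copied from the block above; the function names are my own. The ssdeep value is not checked here because fuzzy hashing needs the third-party ssdeep tool or module.

```python
"""Hash a file and compare it with the IOC hashes from the File Info block."""
import hashlib
import zlib
from pathlib import Path

# Hashes copied from the File Info section of the page.
KRYPTIK_GEQU_IOCS = {
    "crc32": "DC2319F2",
    "md5": "8ca712835d751df9c1e1a4e17d7269f2",
    "sha1": "1e8d21162f9f97a383365b8da917c3f64389edf8",
    "sha256": "746d94b8b2a5e50f6e7f653c94e0332b20591568a9f56a63cffd3229067638e3",
    "sha512": "5be228e1f668d3363fd0d119e785e485a94d2f038ae3a0bd87860428700eea8e"
              "d8e2d9e510917131679508e0cc6d0a0c872593fe222628db705d99f8d7f5c3aa",
}

CHUNK = 1 << 20  # read 1 MiB at a time so large files need not fit in memory


def hash_bytes_stream(chunks):
    """Compute crc32/md5/sha1/sha256/sha512 over an iterable of byte chunks in one pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for d in digests.values():
            d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    # The page prints crc32 as eight upper-case hex digits; match that layout.
    result["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return result


def hash_file(path):
    """Hash a file on disk without loading it whole."""
    with Path(path).open("rb") as fh:
        return hash_bytes_stream(iter(lambda: fh.read(CHUNK), b""))


def match_iocs(observed, iocs=KRYPTIK_GEQU_IOCS):
    """Return the names of the hash algorithms whose value equals the IOC value.

    Comparison is case-insensitive because vendors print hashes in either case.
    """
    return sorted(
        name for name, value in iocs.items()
        if name in observed and observed[name].lower() == value.lower()
    )


def parse_file_info(text):
    """Parse a 'File Info:' block in the page's 'key: value' layout into a dict."""
    wanted = ("crc32", "md5", "sha1", "sha256", "sha512", "ssdeep", "name", "type")
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in wanted:
            out[key.strip().lower()] = value.strip()
    return out


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        observed = hash_file(path)
        hits = match_iocs(observed)
        verdict = ("MATCH on " + ", ".join(hits)) if hits else "no match"
        print(path, verdict, observed["sha256"])
```

Run it as `python check_ioc.py <file>`. Prefer the sha256 match over md5 when deciding whether a file is the sample described here, since md5 collisions are cheap to produce; the md5 is kept only because several vendors in the list below key their detection name on it.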

Version Info:

LegalCopyright: Copyright (C) 2017, naseshgera
InternalName: sgahffjfghj.exe
FileVersion: 1.0.0.11
ProductVersion: 1.0.0.1
Translation: 0x0809 0x04b0

Note that FileVersion and ProductVersion disagree and that the copyright holder and internal name are random-looking strings rather than a real product identity, which is consistent with the packed/obfuscated verdicts in the behaviour list above.

Win32/Kryptik.GEQU is also known as:

Vendors do not agree on a family name: several label the sample as GandCrab ransomware (Alibaba, Sophos, TrendMicro, Microsoft, AhnLab-V3), others as the Upatre downloader (Zillya, NANO-Antivirus, Rising), and many return only a generic or heuristic verdict. The ESET-NOD32 name used as this page's title is itself a generic detection for packed or obfuscated code rather than a family name.

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 00532e3d1 )
Elastic: malicious (high confidence)
DrWeb: BackDoor.IRC.Bot.4165
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Chapak.ZZ5
ALYac: Trojan.BRMon.Gen.3
Cylance: Unsafe
Zillya: Downloader.Upatre.Win32.65618
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/Gandcrab.137378eb
K7GW: Trojan ( 655333331 )
Cybereason: malicious.35d751
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GEQU
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.BRMon.Gen.3
NANO-Antivirus: Trojan.Win32.Upatre.eyqusj
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
MicroWorld-eScan: Trojan.BRMon.Gen.3
Tencent: Win32.Trojan.Generic.Edxv
Ad-Aware: Trojan.BRMon.Gen.3
Sophos: Mal/Generic-S + Mal/GandCrab-C
Comodo: TrojWare.Win32.TrojanProxy.Bunitu.GET@7knqev
BitDefenderTheta: Gen:NN.ZexaF.34670.mu0@aq9s@8ii
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_GANDCRAB.SMALY-3
McAfee-GW-Edition: GenericRXEF-WU!8CA712835D75
FireEye: Generic.mg.8ca712835d751df9
Emsisoft: Trojan.BRMon.Gen.3 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Generic.cvduw
Avira: HEUR/AGEN.1117310
eGambit: Unsafe.AI_Score_96%
Microsoft: Ransom:Win32/Gandcrab.SF!MTB
Arcabit: Trojan.BRMon.Gen.3
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.BRMon.Gen.3
AhnLab-V3: Win-Trojan/Gandcrab02.Exp
Acronis: suspicious
McAfee: GenericRXEF-WU!8CA712835D75
MAX: malware (ai score=96)
VBA32: BScope.Trojan.Diple
Malwarebytes: Trojan.MalPack
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_GANDCRAB.SMALY-3
Rising: Downloader.Upatre!8.B5 (CLOUD)
Yandex: Trojan.Chapak!KreNR6LY8lo
Ikarus: Trojan-Dropper.Win32.Danabot
MaxSecure: Ransomeware.CRAB.gen
Fortinet: W32/GenKryptik.DWPH!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HwoCSsQA
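
Pulling a single family verdict out of a vendor list like this is a common triage step, and this list shows its main pitfall. The script below is an added example (not code from the page or from any vendor) that tokenises each detection name, discards category words such as Trojan or Generic, counts one vote per vendor, and then optionally collapses vendors that license another vendor's engine, so that their labels are not counted as independent evidence. It embeds a subset of the detection list above as sample input, one "Vendor: detection" pair per line. The GENERIC word list and the ENGINE_OF map are my assumptions (general industry knowledge, not stated on the page), as are the function names.

```python
"""Consolidate per-vendor detection names into a family verdict."""
import re
from collections import defaultdict

# Subset of the page's detection list, one "Vendor: detection" pair per line.
DETECTIONS = """\
ESET-NOD32: a variant of Win32/Kryptik.GEQU
Fortinet: W32/GenKryptik.DWPH!tr
ALYac: Trojan.BRMon.Gen.3
BitDefender: Trojan.BRMon.Gen.3
MicroWorld-eScan: Trojan.BRMon.Gen.3
Ad-Aware: Trojan.BRMon.Gen.3
Emsisoft: Trojan.BRMon.Gen.3 (B)
Arcabit: Trojan.BRMon.Gen.3
GData: Trojan.BRMon.Gen.3
Alibaba: Ransom:Win32/Gandcrab.137378eb
Sophos: Mal/Generic-S + Mal/GandCrab-C
TrendMicro: Ransom_GANDCRAB.SMALY-3
TrendMicro-HouseCall: Ransom_GANDCRAB.SMALY-3
Microsoft: Ransom:Win32/Gandcrab.SF!MTB
AhnLab-V3: Win-Trojan/Gandcrab02.Exp
Zillya: Downloader.Upatre.Win32.65618
NANO-Antivirus: Trojan.Win32.Upatre.eyqusj
Rising: Downloader.Upatre!8.B5 (CLOUD)
Kaspersky: HEUR:Trojan.Win32.Generic
ZoneAlarm: HEUR:Trojan.Win32.Generic
Avast: Win32:Malware-gen
AVG: Win32:Malware-gen
"""

# Assumed list of words that name a category or confidence, not a family.
GENERIC = {
    "win32", "trojan", "malware", "generic", "variant", "heur", "ransom",
    "downloader", "cloud",
}

# Assumption (not stated on the page): vendors known to license another
# vendor's scanning engine, so their labels are not independent votes.
ENGINE_OF = {
    "ALYac": "BitDefender", "MicroWorld-eScan": "BitDefender",
    "Ad-Aware": "BitDefender", "Emsisoft": "BitDefender",
    "Arcabit": "BitDefender", "GData": "BitDefender",
    "TrendMicro-HouseCall": "TrendMicro", "ZoneAlarm": "Kaspersky",
    "AVG": "Avast",
}


def parse_detections(text):
    """'Vendor: detection' lines -> list of (vendor, detection) tuples."""
    rows = []
    for line in text.splitlines():
        vendor, sep, name = line.partition(": ")  # first ': ' ends the vendor name
        if sep:
            rows.append((vendor.strip(), name.strip()))
    return rows


def family_tokens(detection):
    """Candidate family words: alphabetic runs of 4+ letters minus generic terms."""
    return {t for t in re.findall(r"[a-z]{4,}", detection.lower()) if t not in GENERIC}


def rank_families(rows, collapse_engines=False):
    """Return [(token, votes)] sorted by votes descending, then token name.

    Each vendor votes at most once per token; with collapse_engines=True the
    vote is attributed to the underlying engine instead of the vendor.
    """
    voters = defaultdict(set)
    for vendor, detection in rows:
        voter = ENGINE_OF.get(vendor, vendor) if collapse_engines else vendor
        for tok in family_tokens(detection):
            voters[tok].add(voter)
    return sorted(((t, len(v)) for t, v in voters.items()),
                  key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rows = parse_detections(DETECTIONS)
    print("raw votes:       ", rank_families(rows)[:4])
    print("engine-collapsed:", rank_families(rows, collapse_engines=True)[:4])
```

On the raw count BRMon wins with seven votes, but every one of them comes from a BitDefender-engine product; after collapsing, GandCrab is the only family named by several independent engines, with Upatre second. Treat the collapsed ranking as a hint for further analysis, not as attribution: the sandbox behaviours above (downloader-style autorun, self-copy, injection) fit either family.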

How to remove Win32/Kryptik.GEQU?

Win32/Kryptik.GEQU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
