Win32/Kryptik.GJBG (file analysis)

The Win32/Kryptik.GJBG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GJBG virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Queries information on disks, possibly for anti-virtualization
Behavior consistent with a dropper attempting to download the next stage.
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Attempts to modify proxy settings
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

static.43.47.69.159.clients.your-server.de

How to determine Win32/Kryptik.GJBG?


File Info:
crc32: 3E67A35D
md5: 7d9319ebf80617dfb881129898f95b55
name: 7D9319EBF80617DFB881129898F95B55.mlw
sha1: 9c7069ac1b23b462dd910c4109598e1dcf85de8d
sha256: 097a58c5230c8ba0b5144b9a65b10b19bcddbca79093b9db9ccebe23c3a6f476
sha512: 227482d9c8f39c28ce4ca24b07dd6fbb34f4ac276d94a9c0f0f0c6106a7de7f0f3a74a9663b2f4ad8cd7bb32c282092725ae167c07015f434d564a1a9b0daf98
ssdeep: 49152:JBWU9w/M4pBq85YDsPGct4SXaehVwKF42:JBWUibpBqDoPGct/ht42
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Kryptik.GJBG also known as:

K7AntiVirus	Trojan ( 00537eb21 )
Lionic	Trojan.Win32.Ekstak.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.InstallCube.3557
CAT-QuickHeal	PUA.AgentPMF.S19884381
ALYac	Gen:Variant.Zusy.322613
Cylance	Unsafe
Zillya	Trojan.GenericKD.Win32.132045
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Trojan:Win32/Katusha.b1654741
K7GW	Trojan ( 00537eb21 )
Cybereason	malicious.bf8061
Cyren	W32/S-0c8e9629!Eldorado
Symantec	PUA.ICLoader
ESET-NOD32	a variant of Win32/Kryptik.GJBG
APEX	Malicious
Avast	Win32:ICLoader-X [Adw]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Packed.Win32.Katusha.gen
BitDefender	Gen:Variant.Zusy.322613
NANO-Antivirus	Trojan.Win32.Ekstak.ffojia
MicroWorld-eScan	Gen:Variant.Zusy.322613
Tencent	Trojan.Win32.Kryptik.gjbs
Ad-Aware	Gen:Variant.Zusy.322613
Sophos	Mal/Generic-S + Troj/Agent-AZKB
Comodo	Application.Win32.ICLoader.GS@84429a
BitDefenderTheta	Gen:NN.ZexaF.34236.esW@aysEoboi
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vc
FireEye	Generic.mg.7d9319ebf80617df
Emsisoft	Application.Generic (A)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Ekstak.mqd
Avira	TR/ICLoader.Gen8
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASBOL.C50A
Microsoft	Trojan:Win32/Zpevdo!rfn
Arcabit	Trojan.Zusy.D4EC35
ZoneAlarm	HEUR:Packed.Win32.Katusha.gen
GData	Win32.Adware.ICLoader.D
TACHYON	Trojan/W32.Ekstak.2166784.S
AhnLab-V3	Malware/Win32.Generic.C2623966
Acronis	suspicious
McAfee	Packed-FHK!7D9319EBF806
MAX	malware (ai score=100)
VBA32	Trojan.Ekstak
Malwarebytes	Adware.ICLoader
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex	Trojan.GenAsa!CUtkjZ7TxHw
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.GYQC!tr
AVG	Win32:ICLoader-X [Adw]
Paloalto	generic.ml

How to remove Win32/Kryptik.GJBG?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.GJBG (file analysis)