Win32/Kryptik.GJNV (file analysis)

The Win32/Kryptik.GJNV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GJNV virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
A process created a hidden window
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Attempts to identify installed AV products by registry key
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Kryptik.GJNV?


File Info:
crc32: 53A75634
md5: cb23803c3dc2cce619b2999f973c7b78
name: CB23803C3DC2CCE619B2999F973C7B78.mlw
sha1: 60b47e065257fee7e022e236c56ec31a3cbae901
sha256: 1dd520a63be927ccb861c25788e35ee9001c5098d51a8c45ecba69a09207cd3a
sha512: 30a13080d114b260a6dcb63cb63b464660f01f2ba93cb1ae2b2a2969d3b1bec08bd59aabf1b6083398dc30845f34ed31ba8996c1876fd2557a47b05f28c972cc
ssdeep: 1536:aQ+cX2S8cP2Spig75jryJ8jpxTZkak4dGuD32oilXYby09XN:P+qrig0J8fTyakoGuD3ilXYby05N
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: telnet.exe
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7600.16385
FileDescription: Microsoft Telnet Client
OriginalFilename: telnetc.exe
Translation: 0x0409 0x04b0

Win32/Kryptik.GJNV also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 00539a4c1 )
Lionic	Hacktool.Win32.Krap.lKMc
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen7.56935
ClamAV	Win.Dropper.Bunitu-9893704-0
ALYac	Trojan.Mint.Zamg.O
Malwarebytes	Malware.AI.1730890973
Zillya	Trojan.Yakes.Win32.69183
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Bunitu.ali1000105
K7GW	Trojan ( 00539a4c1 )
Cybereason	malicious.c3dc2c
Cyren	W32/Agent.CET.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GJNV
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Yakes.xgcn
BitDefender	Trojan.Mint.Zamg.O
NANO-Antivirus	Trojan.Win32.Kryptik.fhpyfg
MicroWorld-eScan	Trojan.Mint.Zamg.O
Tencent	Malware.Win32.Gencirc.10cc06d4
Ad-Aware	Trojan.Mint.Zamg.O
Sophos	Mal/Generic-S + Mal/Cerber-AM
Comodo	TrojWare.Win32.Yakes.ADC@7vd6j1
BitDefenderTheta	Gen:NN.ZexaF.34266.tq1@aSXTeKci
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom.Win32.SHADE.SMB.hp
FireEye	Generic.mg.cb23803c3dc2cce6
Emsisoft	Trojan.Mint.Zamg.O (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.NetStream.hw
Avira	HEUR/AGEN.1117922
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.2804F75
Arcabit	Trojan.Mint.Zamg.O
SUPERAntiSpyware	Trojan.Agent/Gen-Emotet
GData	Trojan.Mint.Zamg.O
AhnLab-V3	Trojan/Win32.Yakes.R237311
Acronis	suspicious
McAfee	Trickbot-FRDP!CB23803C3DC2
MAX	malware (ai score=99)
VBA32	BScope.TrojanProxy.Bunitu
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.Win32.SHADE.SMB.hp
Rising	Trojan.Kryptik!1.B397 (CLASSIC)
Yandex	Trojan.GenAsa!ZEESzy/x0qw
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GLWT!tr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml

How to remove Win32/Kryptik.GJNV?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.GJNV (file analysis)