About "Win32/Kryptik.GKFM" infection

The Win32/Kryptik.GKFM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GKFM virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (6 unique times)
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

Related domains:

oneteenager.com

www.btwordpress.xyz

www.hologramrawmaterial.com

petirnews.com

www.scheckin.com

www.alltest.pl

hifipig.com

2ndeye.com

www.xn--80adgp0a.xn--p1ai

mubara.net

How to determine Win32/Kryptik.GKFM?


File Info:
crc32: A8BCB4B6
md5: e83678d7a93d2f1decdb689618b3f475
name: E83678D7A93D2F1DECDB689618B3F475.mlw
sha1: 554c009abdc78b7175ce552db39aaf296c311502
sha256: 9d3603aa46b2459bb7589e2615c71b84d7e25e635e1b70b11a42d4f2b4f54aae
sha512: 91ac4d4dd84097d32b1a44b59107133ab83904df64f5a4bb8a8d97e7e5cdcbd54c2614010d5901926f80e110619b75cde52068519ebdf9c4bd79a5d8f9a6d80f
ssdeep: 1536:r0NdEic7zbwOdEJ/Wvx8CTKgGq5ZRWP/fa0MU/qcFhg1jFhpkaDnJ90cDEcdfsv7:rfVhKCEa/IZgJLaaDnJmEJ45
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Kryptik.GKFM also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0053b4261 )
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop8.35877
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.31182354
Cylance	Unsafe
Zillya	Trojan.GenericKD.Win32.168821
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	TrojanBanker:Win32/ClipBanker.35f31c41
K7GW	Trojan ( 0053b4261 )
Cybereason	malicious.7a93d2
Symantec	Ransom.Hermes!gen3
ESET-NOD32	a variant of Win32/Kryptik.GKFM
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Banker.Win32.ClipBanker.bk
BitDefender	Trojan.GenericKD.31182354
NANO-Antivirus	Trojan.Win32.Kryptik.fhbmub
MicroWorld-eScan	Trojan.GenericKD.31182354
Tencent	Malware.Win32.Gencirc.114d2829
Ad-Aware	Trojan.GenericKD.31182354
Sophos	Mal/Generic-S
Comodo	Malware@#ydfvbhm2k4mk
BitDefenderTheta	Gen:NN.ZexaF.34690.smW@aahy6ecG
TrendMicro	Ransom.Win32.BITPAYMER.SM.hp
McAfee-GW-Edition	BehavesLike.Win32.Generic.dm
FireEye	Generic.mg.e83678d7a93d2f1d
Emsisoft	Trojan.GenericKD.31182354 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Banker.ClipBanker.h
Webroot	W32.Adware.Gen
Avira	HEUR/AGEN.1131446
eGambit	Unsafe.AI_Score_67%
Antiy-AVL	Trojan/Generic.ASMalwS.27DCE7E
Microsoft	Trojan:Win32/Occamy.C
ZoneAlarm	Trojan-Banker.Win32.ClipBanker.bk
GData	Trojan.GenericKD.31182354
AhnLab-V3	Trojan/Win32.Cloxer.C2690060
Acronis	suspicious
McAfee	GenericRXGI-YJ!E83678D7A93D
MAX	malware (ai score=78)
VBA32	BScope.Trojan.Fuerboos
Malwarebytes	Malware.AI.3750304246
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom.Win32.BITPAYMER.SM.hp
Rising	Downloader.Godzilla!8.E3AB (CLOUD)
Yandex	Trojan.GenAsa!41LKSqJQ0x0
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/Kryptik.GKQG!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Win32/Kryptik.GKFM?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/Kryptik.GKFM” infection