Should I remove “Win32/Kryptik.GKTD”?

Win32/Kryptik.GKTD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GKTD virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to determine Win32/Kryptik.GKTD?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: sdafsdgsfdg.exe
FileVersion: 1.0.0.1
Translation: 0x0809 0x04b0

Win32/Kryptik.GKTD also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0053c6c71 )
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.BRMon.Gen.4
McAfee: Packed-FLX!3C5E0553238B
Cylance: Unsafe
Zillya: Trojan.GandCrypt.Win32.588
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Trojan.BRMon.Gen.4
K7GW: Trojan ( 0053c6c71 )
Cybereason: malicious.3238b2
BitDefenderTheta: Gen:NN.ZexaF.34670.ku0@aihi!HhG
Cyren: W32/Kryptik.IF.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GKTD
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.GandCrypt.evt
Alibaba: Ransom:Win32/GandCrypt.002002
NANO-Antivirus: Trojan.Win32.GandCrypt.fhrdoa
SUPERAntiSpyware: Ransom.GandCrab/Variant
Tencent: Win32.Trojan.Gandcrypt.Llhu
Ad-Aware: Trojan.BRMon.Gen.4
Sophos: Mal/Generic-R + Mal/GandCrab-B
Comodo: TrojWare.Win32.TrojanSpy.Ursnif.EM@7vyz23
DrWeb: Trojan.PWS.Stealer.23869
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Mal_HPGen-50
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.3c5e0553238b26a4
Emsisoft: Trojan.BRMon.Gen.4 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1106537
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan[Ransom]/Win32.GandCrypt
Microsoft: Trojan:Win32/Predator!ml
Arcabit: Trojan.BRMon.Gen.4
AegisLab: Trojan.Win32.GandCrypt.4!c
ZoneAlarm: Trojan-Ransom.Win32.GandCrypt.evt
GData: Win32.Trojan-Ransom.GandCrab.U
AhnLab-V3: Win-Trojan/MalPe34.Suspicious.X2029
Acronis: suspicious
VBA32: BScope.Trojan.Fuery
MAX: malware (ai score=100)
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: Mal_HPGen-50
Rising: Ransom.GandCrypt!8.F33E (CLOUD)
Yandex: Trojan.GenAsa!tRRhLL3XKiA
Ikarus: Trojan.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GKSY!tr
Panda: Trj/Genetic.gen
Qihoo-360: Win32/Ransom.GandCrab.HwoCyAQA

How to remove Win32/Kryptik.GKTD?

Win32/Kryptik.GKTD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab, then press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
