Categories: Malware

Should I remove “Win32/Kryptik.GKTD”?

The Win32/Kryptik.GKTD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GKTD virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Turkish
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Anomalous binary characteristics

How to determine Win32/Kryptik.GKTD?


File Info:
crc32: D0469195md5: 3c5e0553238b26a42dbda106b53942f1name: 3C5E0553238B26A42DBDA106B53942F1.mlwsha1: 98f0b2843b4a902eabaea1632bf0b1e1172b576esha256: 73537ff1f2b9bb5ca386c6963e249d12f51f000f7c148f27f28b94879aa26bdfsha512: f7c7f0be69f12e6f2f19f9db3926e7b6f38969ea4010944dc638b8bcfacc9ff39496c8b61f7276f45f1daebe7791f617f439cc12a7bb92b2abb7c4802642ef62ssdeep: 3072:WeZES1O+tSng+L4XctpYlQy80T5Ztu5xR/oAYnqrG9gwVNBX/8:BjA3gItuaq1Z8QSQgMX/8type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
InternalName: sdafsdgsfdg.exeFileVersion: 1.0.0.1Translation: 0x0809 0x04b0

Win32/Kryptik.GKTD also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0053c6c71 )
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.BRMon.Gen.4
McAfee	Packed-FLX!3C5E0553238B
Cylance	Unsafe
Zillya	Trojan.GandCrypt.Win32.588
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Trojan.BRMon.Gen.4
K7GW	Trojan ( 0053c6c71 )
Cybereason	malicious.3238b2
BitDefenderTheta	Gen:NN.ZexaF.34670.ku0@aihi!HhG
Cyren	W32/Kryptik.IF.gen!Eldorado
Symantec	Packed.Generic.525
ESET-NOD32	a variant of Win32/Kryptik.GKTD
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.GandCrypt.evt
Alibaba	Ransom:Win32/GandCrypt.002002
NANO-Antivirus	Trojan.Win32.GandCrypt.fhrdoa
SUPERAntiSpyware	Ransom.GandCrab/Variant
Tencent	Win32.Trojan.Gandcrypt.Llhu
Ad-Aware	Trojan.BRMon.Gen.4
Sophos	Mal/Generic-R + Mal/GandCrab-B
Comodo	TrojWare.Win32.TrojanSpy.Ursnif.EM@7vyz23
DrWeb	Trojan.PWS.Stealer.23869
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Mal_HPGen-50
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
FireEye	Generic.mg.3c5e0553238b26a4
Emsisoft	Trojan.BRMon.Gen.4 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1106537
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan[Ransom]/Win32.GandCrypt
Microsoft	Trojan:Win32/Predator!ml
Arcabit	Trojan.BRMon.Gen.4
AegisLab	Trojan.Win32.GandCrypt.4!c
ZoneAlarm	Trojan-Ransom.Win32.GandCrypt.evt
GData	Win32.Trojan-Ransom.GandCrab.U
AhnLab-V3	Win-Trojan/MalPe34.Suspicious.X2029
Acronis	suspicious
VBA32	BScope.Trojan.Fuery
MAX	malware (ai score=100)
Malwarebytes	Trojan.MalPack
TrendMicro-HouseCall	Mal_HPGen-50
Rising	Ransom.GandCrypt!8.F33E (CLOUD)
Yandex	Trojan.GenAsa!tRRhLL3XKiA
Ikarus	Trojan.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GKSY!tr
Panda	Trj/Genetic.gen
Qihoo-360	Win32/Ransom.GandCrab.HwoCyAQA