Win32/Kryptik.GKTL information

Malware Removal

Win32/Kryptik.GKTL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.GKTL virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Attempts to connect to a dead IP:Port (5 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Queries information on disks, possibly for anti-virtualization
  • Behavior consistent with a dropper attempting to download the next stage
  • Detects the presence of the Wine emulator via a registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

Related domains:


How to identify Win32/Kryptik.GKTL?

File Info:

crc32: D5DC39D1
md5: 21ad08bd5d8b7a10e01d8fe109bcbef2
name: 21AD08BD5D8B7A10E01D8FE109BCBEF2.mlw
sha1: dc2c7b7c9d689af5cab7b079aa922fab2ca5b6cd
sha256: 1a6a7cc815d767ad772783b7e7100daa5d2eb723101c5ef3d01e5fdd73b86b47
sha512: 3592ca0fbc24ceeb9e9b9a5b0d6366e7ce37d5a484c744c16d5f2cc396330d4960d6cc4892579d80b0760a716079ef6dcfe23ecd8121d9c484d0e272a3534701
ssdeep: 24576:uj+zeGSdExSqdxxB8e+c8s8Hk7aqOXWnVR:uqVYg80UHXqzVR
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: Installer/Uninstaller
FileVersion: 28,0,0,161
CompanyName: Systems Incorporated
ProductName: Installer/Uninstaller
ProductVersion: 28,0,0,161
FileDescription: Installer/Uninstaller
OriginalFilename: FlashUtil.exe
Translation: 0x0409 0x04b0

Win32/Kryptik.GKTL also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0053c4e01 )
DrWeb: Trojan.InstallCube.3714
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.IGENERICPMF.S3577729
ALYac: Application.Bundler.ICLoader.5.Gen
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1492205
Sangfor: Suspicious.Win32.Save.a
Alibaba: Trojan:Win32/Katusha.9c93db5d
K7GW: Trojan ( 0053c4e01 )
Cybereason: malicious.d5d8b7
Cyren: W32/ICLoader.BL.gen!Eldorado
Symantec: PUA.ICLoader
ESET-NOD32: a variant of Win32/Kryptik.GKTL
APEX: Malicious
Avast: Win32:DangerousSig [Trj]
ClamAV: Win.Packed.Icloader-7057426-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Application.Bundler.ICLoader.5.Gen
NANO-Antivirus: Trojan.Win32.InstallCube.fhnitp
MicroWorld-eScan: Application.Bundler.ICLoader.5.Gen
Tencent: Malware.Win32.Gencirc.10cc6084
Ad-Aware: Application.Bundler.ICLoader.5.Gen
Sophos: Generic PUA NM (PUA)
Comodo: Application.Win32.ICLoader.GS@84429a
BitDefenderTheta: Gen:NN.ZexaF.34236.or1@a8gkk4li
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: GenericRXGM-DQ!21AD08BD5D8B
FireEye: Generic.mg.21ad08bd5d8b7a10
Emsisoft: Application.AdFile (A)
SentinelOne: Static AI – Malicious PE
Avira: TR/ICLoader.Gen8
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.2804C97
Microsoft: PUADlManager:Win32/InstallCube
GData: Application.Bundler.ICLoader.5.Gen
AhnLab-V3: PUP/Win32.ICLoader.R237220
Acronis: suspicious
McAfee: GenericRXGM-DQ!21AD08BD5D8B
VBA32: BScope.Trojan.InstallCube
Malwarebytes: Adware.FileTour.BatBitRst
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex: Trojan.GenAsa!PPMCFhdOlIA
Ikarus: PUA.ICLoader
MaxSecure: Packed.Packed.WIN32.Katusha.gen_212003
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:DangerousSig [Trj]

How to remove Win32/Kryptik.GKTL?

Win32/Kryptik.GKTL removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.