Win32/Kryptik.GLBQ removal

Win32/Kryptik.GLBQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GLBQ virus do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (7 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics

Related domains:


How to identify Win32/Kryptik.GLBQ?

File Info:

crc32: 7E4F6FED
md5: 31d8c6407bc4031bea3c96256288be8a
name: 31D8C6407BC4031BEA3C96256288BE8A.mlw
sha1: e0155131a512863c1247ee0a93f3e9ec895e16c4
sha256: 4e8398dda87b24d77499d2810d2d611ccb33a53cd0ce63dd34bd149ab3264639
sha512: e386d2247af78b57fbfb98b1bd9f0ef375f2ca33b8c1bf619726f905f9540e8869e3aba236d40f59812e49f3c984f65d31d8d9edd9ffc723a7591fca66c22547
ssdeep: 3072:Tzhfg25Xa1Ed7r0lKxuinflxT9JUCstRIG3G6fHE8msTdqCO/CU1yMjMeC0RnOYq:P52/in9cRvG6fHmsJqBDcAMeCsyP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Kryptik.GLBQ is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.Mint.Zard.24
  • FireEye: Generic.mg.31d8c6407bc4031b
  • McAfee: GenericRXGM-GK!31D8C6407BC4
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0053d5bb1 )
  • BitDefender: Gen:Heur.Mint.Zard.24
  • K7GW: Trojan ( 0053d5bb1 )
  • Cybereason: malicious.07bc40
  • BitDefenderTheta: Gen:NN.ZexaF.34590.tqW@ame3M1dO
  • APEX: Malicious
  • Kaspersky: Trojan-Ransom.Win32.GandCrypt.gra
  • NANO-Antivirus: Trojan.Win32.GandCrypt.fkopnc
  • Avast: Win32:Trojan-gen
  • Comodo: Malware@#18tth1txb0eh3
  • Zillya: Trojan.GandCrypt.Win32.1638
  • Emsisoft: Gen:Heur.Mint.Zard.24 (B)
  • SentinelOne: Static AI – Malicious PE
  • Avira: TR/Crypt.XPACK.Gen2
  • Antiy-AVL: Trojan[Ransom]/Win32.GandCrypt
  • Arcabit: Trojan.Mint.Zard.24
  • ZoneAlarm: Trojan-Ransom.Win32.GandCrypt.gra
  • Cynet: Malicious (score: 100)
  • VBA32: TrojanRansom.GandCrypt
  • ALYac: Gen:Heur.Mint.Zard.24
  • ESET-NOD32: a variant of Win32/Kryptik.GLBQ
  • Rising: Trojan.Generic@ML.90 (RDML:u2vYWVCBjN0YHslpxDiqFA)
  • Yandex: Trojan.GandCrypt!jbOXi1X5Aks
  • Ikarus: Trojan.Win32.Crypt
  • eGambit: Unsafe.AI_Score_97%
  • Fortinet: W32/Kryptik.GKVK!tr
  • AVG: Win32:Trojan-gen
  • CrowdStrike: win/malicious_confidence_60% (D)

How to remove Win32/Kryptik.GLBQ?

Win32/Kryptik.GLBQ removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.