Win32/Kryptik.GOTR removal tips

Win32/Kryptik.GOTR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GOTR virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Access the NetLogon registry key, potentially used for discovery or tampering
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the IcedID malware family

How to identify Win32/Kryptik.GOTR?

File Info:

name: 422CBD71019AF1B2159D.mlw
path: /opt/CAPEv2/storage/binaries/05547b44eb4960c3b458e578cf72f3df5ac040189dc3663bcac2c404065f7459
crc32: B5FB76A6
md5: 422cbd71019af1b2159df728f5bf2869
sha1: 4011561ce0a4890aa43b8d00aa5906fd0e70d268
sha256: 05547b44eb4960c3b458e578cf72f3df5ac040189dc3663bcac2c404065f7459
sha512: 3e1872bb03faf82bed32d96107eb0a1475a55b0931d5965be002f2be1c5320a1987f8b8ccf69a50e1ec9ee11583e158577e9013e19701b3aacb8d0f6a0751160
ssdeep: 6144:3tFYpz+ciYpByzP4H9fS2LwWYWGYlMNz:3tFYYSpUzP4HXYPz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172649E42B9D08C69C0E6263B8EDBC9B05919BF160764980733F47F5BFA3B9935912387
sha3_384: 50a2dc7dc25fe32883a0817af03482553c277aad067febc566feac0cb38a0998e0a78b2e7e386d8a75e46f64d38f6f8e
ep_bytes: e827370000e9000000006a146888ed42
timestamp: 2014-12-11 12:23:20

Version Info:

CompanyName: Logic Solutions Hat
ProductVersion: 4.5.59.72
ProductName: Fewdeep
LegalCopyright: Copyright © 2006 Logic Solutions Hat. All rights reserved
FileDescription: Fewdeep
OriginalFilename: singlegood.exe
InternalName: Fewdeep
Translation: 0x0409 0x04b0

Win32/Kryptik.GOTR is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.179205
FireEye: Generic.mg.422cbd71019af1b2
ALYac: Gen:Variant.Strictor.179205
Cylance: Unsafe
Zillya: Trojan.IcedID.Win32.18
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005438f51 )
K7GW: Trojan ( 005438f51 )
Cybereason: malicious.1019af
Cyren: W32/Kryptik.RD.gen!Eldorado
Symantec: Packed.Generic.534
ESET-NOD32: a variant of Win32/Kryptik.GOTR
APEX: Malicious
ClamAV: Win.Packed.Icedid-7359860-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Strictor.179205
NANO-Antivirus: Trojan.Win32.IcedID.fldeqk
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b216fa
Ad-Aware: Gen:Variant.Strictor.179205
Sophos: ML/PE-A
Comodo: TrojWare.Win32.IcedID.CE@7zzmva
DrWeb: Trojan.IcedID.15
McAfee-GW-Edition: Ursnif-FQIR!422CBD71019A
Emsisoft: Gen:Variant.Strictor.179205 (B)
Ikarus: Trojan.Crypt
GData: Gen:Variant.Strictor.179205
Jiangmin: Trojan.Banker.IcedID.ep
Avira: HEUR/AGEN.1139684
Antiy-AVL: Trojan/Generic.ASMalwS.29D656A
Arcabit: Trojan.Strictor.D2BC05
SUPERAntiSpyware: Trojan.Agent/Gen-IcedID
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Ursnif.R248990
Acronis: suspicious
McAfee: Ursnif-FQIR!422CBD71019A
MAX: malware (ai score=89)
VBA32: Trojan.Fuerboos
Malwarebytes: Trojan.IcedID
Rising: Trojan.Generic@ML.99 (RDML:SEn05QpW8Vvy78NhKppoTg)
Yandex: Trojan.PWS.IcedID!Lfr1B2Nk4yI
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.GNRO!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.su0@auG16tji
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Win32/Kryptik.GOTR?

Win32/Kryptik.GOTR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.