Win32/Kryptik.GSQB information

Malware Removal

Win32/Kryptik.GSQB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GSQB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • CAPE detected the Fareit malware family
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients
  • Anomalous binary characteristics

Related domains:

myp0nysite.ru

How to identify Win32/Kryptik.GSQB?

File Info:

name: 3641D288A33C8FCB7702.mlw
path: /opt/CAPEv2/storage/binaries/4aaedd164321f8fcd667099380a70b836e365d9bd97b7fe403afd1985c1f2754
crc32: A49B10AD
md5: 3641d288a33c8fcb77025ba25e9438d3
sha1: 1bb1d00e52de7fd8220b20f99063c240e5b3cc70
sha256: 4aaedd164321f8fcd667099380a70b836e365d9bd97b7fe403afd1985c1f2754
sha512: c95e6b52e39507ded4c969cfba2028e72973a041ff43b147d857289ae1519e678b2381a1822a35ff846dd7411d175f736489caa52ded45181f5f83385a38e0c2
ssdeep: 12288:9ChpiyjZ+ZLEhzhQ76O4YpRQghJLqy4l6XQ3/aItAxuFkr:6p9Pzk6O4YYEB065xZr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T185E4AD12B7B29131C06221B11696AA355D7DED204B36ADD7BBCF1F096F206C0AF3B671
sha3_384: 204b7986ef6995e4081dbec5ebcdfce02d8286e541d4b24d72f324e064b93dca2a30440e748c56feef6181ca23395767
ep_bytes: e8e1c50000e9000000006a1468389f47
timestamp: 2019-04-29 18:55:41

Version Info:

FileVersion: 6.8.2.3
FileDescription: Gamers Visible Interviews Iptv Bravery
ProductName: Hostid
CompanyName: Hewlett-Packard
LegalCopyright: Copyright (c) 2014 - . All rights reserved. Hewlett-Packard
ProductVersion: 6.8.2.3
Translation: 0x0409 0x04b0

Win32/Kryptik.GSQB also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen2.13028
MicroWorld-eScan: Trojan.BrsecmonE.1
FireEye: Generic.mg.3641d288a33c8fcb
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Trojan.BrsecmonE.1
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1632767
Sangfor: Trojan.Win32.Fareit.ldxvb
K7AntiVirus: Trojan ( 0054d1231 )
Alibaba: Trojan:Win32/APosT.c3c3f826
K7GW: Trojan ( 0054d1231 )
Cybereason: malicious.8a33c8
BitDefenderTheta: Gen:NN.ZexaF.34294.Ou0@a4gURqli
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GSQB
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.APosT.hgg
BitDefender: Trojan.BrsecmonE.1
NANO-Antivirus: Trojan.Win32.APosT.fptqoq
Avast: FileRepMalware
Tencent: Win32.Trojan.Apost.Liqj
Ad-Aware: Trojan.BrsecmonE.1
Sophos: Mal/Generic-S + Mal/Generic-L
Comodo: Malware@#3he3ekz16jdh1
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Injector.jh
Emsisoft: Trojan.BrsecmonE.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.BrsecmonE.1
Jiangmin: Trojan.APosT.sg
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1125203
Antiy-AVL: Trojan/Generic.ASMalwS.2B48EDA
Microsoft: Trojan:Win32/Skeeyah.A!bit
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C3181763
McAfee: Artemis!3641D288A33C
VBA32: BScope.Trojan.APosT
Rising: Trojan.Generic@ML.81 (RDML:15L4nV7uAO2IW4nE22Agyg)
Yandex: Trojan.APosT!wcigr/DV9HE
Ikarus: Trojan.Crypter
MaxSecure: Trojan.Malware.73513158.susgen
Fortinet: W32/Kryptik.GSQB!tr
Webroot: W32.Trojan.GenKD
AVG: FileRepMalware
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Win32/Kryptik.GSQB?

Win32/Kryptik.GSQB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.