Categories: Malware

Win32/Kryptik.GUFP removal

Win32/Kryptik.GUFP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.GUFP virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Ursnif3 malware family

How to identify Win32/Kryptik.GUFP?

File Info:

name: D03A4F5ABE81827FDACF.mlw
path: /opt/CAPEv2/storage/binaries/685a702b80118d7d27d903b87e4c1f74e5dc53d438fa883bcc3bf4cfcaaa9093
crc32: 94EA4248
md5: d03a4f5abe81827fdacfb4e6097eb23f
sha1: 850cd4875ebd6a74b3f8cb70f6e039b5e10b1e29
sha256: 685a702b80118d7d27d903b87e4c1f74e5dc53d438fa883bcc3bf4cfcaaa9093
sha512: d3cafda7a1df3d35768045808cd7f02f0da38ce8c9b502c8be61758d75a638b510ff53fda336ca454b0c2081569223bc83bc8ef4797f7f5fbfd636293fbe9bed
ssdeep: 12288:1V3BBccxdqbp+lCPuYMJcpxD4fibfDvl:XVy+lUuY8qxDKap
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BEE4E6336E919C6CE4AACEF41AAA41655C68EE50BF3080CB258131DA45FD9D07B3DED3
sha3_384: 569e53ad365a5159656d0195747ffc4630a738ab133fadccc63c316ff8b396409b6769f21f2e761b1d05ed3cdb8a003b
ep_bytes: 558bece858fdffff5dc3cccccccccccc
timestamp: 2016-06-24 11:04:30

Version Info:

CompanyName: Netpeak Piecething
FileDescription: Whycompany Parentthan
FileVersion: 14.4.93.50 Duringfour
InternalName: devenv.exe
LegalCopyright: © Netpeak Piecething. All rights reserved.
OriginalFilename: An.exe
ProductName: Whycompany Parentthan
ProductVersion: 14.4.93.50
Translation: 0x0409 0x04b0

Win32/Kryptik.GUFP also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Gozi.10!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Zard.53
ClamAV Win.Malware.Ursnif-7001379-1
FireEye Generic.mg.d03a4f5abe81827f
McAfee GenericRXIX-GN!D03A4F5ABE81
Cylance Unsafe
VIPRE Gen:Heur.Mint.Zard.53
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00550b4a1 )
Alibaba TrojanBanker:Win32/Kryptik.e9f0569c
K7GW Trojan ( 00550b4a1 )
CrowdStrike win/malicious_confidence_100% (W)
ESET-NOD32 a variant of Win32/Kryptik.GUFP
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan-Banker.Win32.Gozi.div
BitDefender Gen:Heur.Mint.Zard.53
NANO-Antivirus Trojan.Win32.Gozi.fryudx
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10b9b0eb
Ad-Aware Gen:Heur.Mint.Zard.53
Emsisoft Gen:Heur.Mint.Zard.53 (B)
Comodo Malware@#3rm3qr3i8oruh
DrWeb Trojan.Gozi.513
Zillya Trojan.Gozi.Win32.2391
TrendMicro TROJ_GEN.R002C0PG822
McAfee-GW-Edition GenericRXIX-GN!D03A4F5ABE81
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S + Mal/EncPk-AOY
SentinelOne Static AI – Suspicious PE
GData Gen:Heur.Mint.Zard.53
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1210433
MAX malware (ai score=99)
Antiy-AVL Trojan/Generic.ASMalwS.498F
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win32.Ursnif.R278315
ALYac Gen:Heur.Mint.Zard.53
TACHYON Banker/W32.Gozi.678912
VBA32 TrojanBanker.Gozi
Malwarebytes Malware.AI.4239500580
TrendMicro-HouseCall TROJ_GEN.R002C0PG822
Rising Trojan.Kryptik!8.8 (TFE:5:T6Z9CDvQQIT)
Yandex Trojan.PWS.Gozi!JhY1F9ajz9Q
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.74406979.susgen
Fortinet W32/Kryptik.GUFP!tr
BitDefenderTheta Gen:NN.ZexaF.34698.PC0@aqO0wMei
AVG Win32:Malware-gen
Cybereason malicious.abe818
Panda Trj/GdSda.A

How to remove Win32/Kryptik.GUFP?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
