Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/Malware
Threat report

Win32/Kryptik.GUKE removal

Published Nov 3, 2021 Malware category 3 min read
Report context

What to verify before removal

This report keeps Win32/Kryptik.GUKE removal in the active library because the detection has enough technical context to support a careful second-opinion scan and cleanup decision.

The technical section is meant to connect the detection name with observable evidence such as persistence entries, dropped files, unusual processes, and browser or network changes. Compare the identifiers here with the local file before deleting anything, then use the cleanup workflow to scan, quarantine, and verify the system state.

  • Confirm the detection name matches Win32/Kryptik.GUKE removal before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

The Win32/Kryptik.GUKE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32/Kryptik.GUKE virus can do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

Related domains:

mooreny.top
ip-api.com

How to determine Win32/Kryptik.GUKE?



File Info:

crc32: 924A1D6B
md5: 5346d91126ef6808754c60562610755b
name: 5346D91126EF6808754C60562610755B.mlw
sha1: e7d5045be680f29b3a743a36110cd3897d1d5803
sha256: f3cd869fdd26aac5ccc06a34241eabf9f53917b4607772dd7b29b54e3785de76
sha512: ef40f4b5a4b7c18db63918cd3926ddc747eb7a1c85b530f3076372bbe47965bb352afd2e588622ce1762590ee0ed189cb8be58fd457c979a42afbbe6e95358dd
ssdeep: 12288:+6E5pASLcRX6WWps2fAtPid4TFUGUmD7ZyRAOtAhsrgO58kETwjiHOA:+6EgDRX6GOWKd4TLARAOCCUOGkEkjiH
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

0: [No Data]

Win32/Kryptik.GUKE also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.MP4
ALYac Trojan.GenericKDZ.56886
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.126ef6
Cyren W32/Kryptik.ZO.gen!Eldorado
Symantec Packed.Generic.525
ESET-NOD32 a variant of Win32/Kryptik.GUKE
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.GenericKDZ.56886
MicroWorld-eScan Trojan.GenericKDZ.56886
Ad-Aware Trojan.GenericKDZ.56886
Sophos Mal/Generic-R + Mal/GandCrab-G
Comodo TrojWare.Win32.Fakecsrss.AV@88nqyj
BitDefenderTheta Gen:NN.ZexaF.34170.PuW@aG0ycOhG
TrendMicro Trojan.Win32.SODINOK.SM.hp
McAfee-GW-Edition BehavesLike.Win32.Generic.jh
FireEye Generic.mg.5346d91126ef6808
Emsisoft Trojan.GenericKDZ.56886 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Chapak.ewn
Avira TR/AD.VidarStealer.blrs
eGambit Unsafe.AI_Score_99%
Microsoft Trojan:Win32/Mufila.DSK!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKDZ.56886
AhnLab-V3 Win-Trojan/MalPe18.Suspicious.X1989
Acronis suspicious
McAfee GenericRXHW-HZ!5346D91126EF
MAX malware (ai score=88)
VBA32 BScope.Backdoor.Backboot
Malwarebytes Trojan.MalPack.GS.Generic
TrendMicro-HouseCall Trojan.Win32.SODINOK.SM.hp
Rising Trojan.Generic@ML.100 (RDML:XGHBGfceD4+R9CqGFg4YvQ)
Yandex Trojan.Agent!9cgpL2/L8tY
Ikarus Trojan.Crypt
Fortinet W32/CoinMiner.EKYZ!tr
AVG Win32:Malware-gen

How to remove Win32/Kryptik.GUKE?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.