Win32/Kryptik.GUWV malicious file

The Win32/Kryptik.GUWV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.GUWV virus can do?

Executable code extraction
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Kryptik.GUWV?


File Info:
crc32: 57330F6A
md5: e5a972508102bc3ea3fa6eb07561d846
name: E5A972508102BC3EA3FA6EB07561D846.mlw
sha1: 50df74351e75dbc6b51f37d5cc50092c80c2dada
sha256: e0a79f643ca57d0804b2ec37c4e44dc333a3e6377c00411dfc3b37d8f5003387
sha512: 921dddae283313e95b9774bce18bc6bbf6da1015fcb8cc24878e7d1d9d33f8a6e97e0fd8083c18e764aef3065bcfd80a4c1a8833b4545db5b22cfbf0d484bfa6
ssdeep: 6144:cKWkqA/H9gUfx3DhX7zl88+XqDngrbiQl3YmJKNYVlbXkG+6rfJQBi6US0l0Ct:cVkqwdZDhX3S8FDgiQOmNlbXkKzxJ5t
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 2019, ghjhfkh
InternalName: fghfhjkngfk.exe
FileVersion: 1.0.5.4
ProductVersion: 1.9.6
Translation: 0x0841 0x04c4

Win32/Kryptik.GUWV also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 00555e5a1 )
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.26541
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Stop.MP4
ALYac	Trojan.Agent.Wacatac
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.1714553
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Kryptik.7e66c365
K7GW	Trojan ( 00553c571 )
Cybereason	malicious.08102b
Symantec	Packed.Generic.525
ESET-NOD32	a variant of Win32/Kryptik.GUWV
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.BrsecmonE.1
NANO-Antivirus	Trojan.Win32.Predator.ftzsjq
MicroWorld-eScan	Trojan.BrsecmonE.1
Tencent	Win32.Trojan.Generic.Akyr
Ad-Aware	Trojan.BrsecmonE.1
Sophos	Mal/Generic-S + Troj/Agent-BCFQ
Comodo	TrojWare.Win32.Wacatac.ST@8g39fc
BitDefenderTheta	Gen:NN.ZexaF.34170.By0@aKmyMZjG
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Trojan.Win32.SODINOK.SM.hp
McAfee-GW-Edition	BehavesLike.Win32.Generic.gh
FireEye	Generic.mg.e5a972508102bc3e
Emsisoft	Trojan.BrsecmonE.1 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.PSW.Predator.ic
Avira	TR/AD.PredatorThief.fhd
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.2C1698D
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/CryptInject
GData	Trojan.BrsecmonE.1
AhnLab-V3	Win-Trojan/MalPe22.Suspicious.X1995
Acronis	suspicious
McAfee	GenericRXIF-NQ!E5A972508102
VBA32	TrojanPSW.Stealer
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Trojan.Win32.SODINOK.SM.hp
Rising	Trojan.Kryptik!1.BA76 (CLASSIC)
Ikarus	Trojan.Krypt
MaxSecure	Trojan.Malware.74449336.susgen
Fortinet	W32/Kryptik.GWIV!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Win32/Kryptik.GUWV?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.GUWV malicious file