Win32/Kryptik.GWU malicious file

Malware Removal

Win32/Kryptik.GWU is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GWU virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Win32/Kryptik.GWU?
File Info:

name: 10CFB44F4440E925C78C.mlw
path: /opt/CAPEv2/storage/binaries/e939494e7252d550f2ac2af751bb69d3f4021591bcf26aa1f18306e51d9d002f
crc32: 911D8CB6
md5: 10cfb44f4440e925c78c1751da05c9fd
sha1: a9032f2944c96d100e980a23d09f52ea3d9b4197
sha256: e939494e7252d550f2ac2af751bb69d3f4021591bcf26aa1f18306e51d9d002f
sha512: 6974d0c227a1a8cbffab5c029cfb88bb2b2d01ee7d3063b4b9402bc9fe160358e1a1b5666161e0ecc546f668411cf94ecb2b262cabb6c3049e53460c8e4ffe02
ssdeep: 3072:82qncqHrHJFOukJLS1rWriV/um/8SwMXapWW/RhZ:82qcqHJEuk41hFLiMXGWW/d
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B9E3F16771E43F05C63B7EF63047CE3DD869452B2568A5E8E3DE4382A9F1EA4053A06C
sha3_384: 792e4be1a2a0cbde2435af3abd3ce0a349efc084a518560fe844b109918497ea15d46fb5438fc44b76252cfb2c5a1e06
ep_bytes: 60be153035018dbeebdf0aff57eb0b90
timestamp: 2004-04-14 12:38:05

Version Info:

0: [No Data]

Win32/Kryptik.GWU also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.387
MicroWorld-eScan: Gen:Variant.Zbot.23
FireEye: Generic.mg.10cfb44f4440e925
McAfee: PWS-Zbot.gen.pp
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.208437
Sangfor: Suspicious.Win32.Save.a
Alibaba: TrojanPSW:Win32/Kryptik.eba6e8b8
Cybereason: malicious.f4440e
BitDefenderTheta: AI:Packer.0A82CE421E
VirIT: Trojan.Win32.Cryptic.AZT
Cyren: W32/Zbot.AU.gen!Eldorado
Symantec: Trojan.Zbot
ESET-NOD32: a variant of Win32/Kryptik.GWU
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-675653
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zbot.23
NANO-Antivirus: Trojan.Win32.Panda.cpcbf
SUPERAntiSpyware: Trojan.Agent/Gen-Zeus
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Spy.Dxnj
Ad-Aware: Gen:Variant.Zbot.23
Sophos: Mal/Generic-R + Mal/Zbot-U
Comodo: Malware@#fdx5363ihrhj
VIPRE: Packed.Win32.Zbot.gen.y.7 (v)
McAfee-GW-Edition: BehavesLike.Win32.ZBot.cc
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Variant.Zusy.345 (B)
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Zbot.23
Jiangmin: Trojan/Generic.bbuu
Webroot: W32.Malware.Gen
Avira: TR/Spy.Zbot.acyp
Antiy-AVL: Trojan/Generic.ASMalwS.184A71D
ViRobot: Trojan.Win32.A.Zbot.145408.BS
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R37324
ALYac: Gen:Variant.Zbot.23
VBA32: Trojan.Zeus.EA.0999
APEX: Malicious
Rising: Spyware.Zbot!8.16B (TFE:5:srPWp0ziW1V)
Yandex: Trojan.GenAsa!jAQEp+U3/d0
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Zbot.U!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/Kryptik.GWU?

Win32/Kryptik.GWU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.