Categories: Malware

Should I remove “Win32/Kryptik.GXVL”?

The Win32/Kryptik.GXVL file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32/Kryptik.GXVL virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
A named pipe was used for inter-process communication
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Writes a potential ransom message to disk
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Win32/Kryptik.GXVL?

General:

Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Mal/GandCrab-G

File Info:

Name: starticon9.exe

Size: 773120

Type: PE32 executable (GUI) Intel 80386, for MS Windows

MD5: 959b266cad13ba35aee35d8d4b723ed4

SHA1: 026d092515263021e450372713937d0c4f352e2f

SH256: 08b6c38e79c9ac0ce7a7fafaaae1334c41d70b860ff2c8eb6b2742c58cdb06b3

Version Info:

[No Data]

Win32/Kryptik.GXVL also known as:

ALYac	Trojan.Ransom.Stop
APEX	Malicious
AVG	Win32:DropperX-gen [Drp]
Acronis	suspicious
Ad-Aware	Trojan.GenericKD.41974832
AegisLab	Trojan.Win32.Zbot.m6l9
AhnLab-V3	Malware/Win32.RL_Generic.R297089
Alibaba	Trojan:Win32/Predator.7ed223b1
Antiy-AVL	RiskWare[NetTool]/Win32.TorTool
Arcabit	Trojan.Generic.D2807C30
Avast	Win32:DropperX-gen [Drp]
Avira	TR/AD.InstaBot.jleif
BitDefender	Trojan.GenericKD.41974832
BitDefenderTheta	Gen:NN.ZexaF.32251.VGW@aeeCGBn
CAT-QuickHeal	Trojan.WacatacPMF.S8723888
ClamAV	Win.Malware.Generic-7372283-0
Comodo	Malware@#x2jh9mfu691o
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.515263
Cylance	Unsafe
Cyren	W32/Trojan.ELLK-4283
DrWeb	Trojan.Encoder.858
ESET-NOD32	a variant of Win32/Kryptik.GXVL
Endgame	malicious (high confidence)
F-Prot	W32/Kryptik.API.gen!Eldorado
F-Secure	Trojan.TR/AD.InstaBot.jleif
FireEye	Generic.mg.959b266cad13ba35
Fortinet	Riskware/TorTool
GData	Trojan.GenericKD.41974832
Ikarus	Packed.Win32.Crypt
Invincea	heuristic
Jiangmin	NetTool.TorTool.aj
K7AntiVirus	Trojan ( 0055ac071 )
K7GW	Trojan ( 0055ac071 )
Kaspersky	not-a-virus:HEUR:NetTool.Win32.TorTool.vho
MAX	malware (ai score=100)
Malwarebytes	Trojan.MalPack.GS.Generic
McAfee	RDN/Generic PUP.z
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.bc
MicroWorld-eScan	Trojan.GenericKD.41974832
Microsoft	Trojan:Win32/Predator.PA!MTB
NANO-Antivirus	Trojan.Win32.Mlw.gfkhxv
Paloalto	generic.ml
Panda	Generic Malware
Qihoo-360	HEUR/QVM10.2.EEFB.Malware.Gen
Rising	Trojan.Kryptik!1.BED3 (CLASSIC)
SentinelOne	DFI – Malicious PE
Sophos	Mal/GandCrab-G
Symantec	Trojan Horse
Trapmine	malicious.high.ml.score
TrendMicro	Ransom.Win32.STOP.THKODAI
TrendMicro-HouseCall	Ransom.Win32.STOP.THKODAI
VBA32	Trojan.Azden
VIPRE	Trojan.Win32.Generic!BT
Webroot	W32.Trojan.Gen
Yandex	Trojan.Kryptik!P506+tUm8wk
Zillya	Trojan.Kryptik.Win32.1819028
ZoneAlarm	not-a-virus:HEUR:NetTool.Win32.TorTool.vho