Win32/Kryptik.GYEZ (file analysis)

The Win32/Kryptik.GYEZ file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32/Kryptik.GYEZ virus can do?

• Executable code extraction
• Creates RWX memory
• Possible date expiration check, exits too soon after checking local time
• Mimics the system’s user agent string for its own requests
• Expresses interest in specific running processes
• Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
• Drops a binary and executes it
• Deletes its original binary from disk
• Attempts to remove evidence of file being downloaded from the Internet
• Attempts to repeatedly call a single API many times in order to delay analysis time
• Installs itself for autorun at Windows startup
• Creates a copy of itself
• Anomalous binary characteristics

How to determine Win32/Kryptik.GYEZ?

General:
Operating System: Windows 7 / 8 / 8.1 / 10
Virus Name: W32.Trojan.Gen


File Info:
Name: e0bw719.exe
Size: 748906
Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: a250cac74c010332503120fd2d895c5a
SHA1: 3d54b939d72c5f4414451a374b0b47c76a1bac86
SH256: ee4a69b385b0e5d861e321420ea93c60e60505cd7f9b984aa1404fcd1998d099
 
Version Info:
 [No Data] 

Win32/Kryptik.GYEZ also known as:

ALYac	Trojan.Agent.Emotet
AVG	FileRepMalware
Ad-Aware	Trojan.Autoruns.GenericKDS.32704618
AegisLab	Trojan.Win32.Emotet.L!c
AhnLab-V3	Trojan/Win32.Emotet.R298664
Alibaba	Trojan:Win32/Emotet.aa5d947e
Arcabit	Trojan.Autoruns.GenericS.D1F3086A
Avira	TR/AD.Emotet.owart
BitDefender	Trojan.Autoruns.GenericKDS.32704618
BitDefenderTheta	Gen:NN.ZexaCO3.32250.TOX@aWtJ6dl
Comodo	Malware@#2ty79p5a7u66m
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.9d72c5
Cyren	W32/Kryptik.AQA.gen!Eldorado
DrWeb	Trojan.Emotet.775
ESET-NOD32	a variant of Win32/Kryptik.GYEZ
Endgame	malicious (high confidence)
F-Prot	W32/Emotet.AAV.gen!Eldorado
F-Secure	Trojan.TR/AD.Emotet.owart
FireEye	Generic.mg.a250cac74c010332
Fortinet	W32/Dapato.PZNU!tr
GData	Trojan.Autoruns.GenericKDS.32704618
Ikarus	Trojan-Banker.Emotet
Invincea	heuristic
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Kaspersky	Trojan-Banker.Win32.Emotet.eaia
MAX	malware (ai score=85)
Malwarebytes	Trojan.Injector
McAfee	Emotet-FOL!A250CAC74C01
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.bh
MicroWorld-eScan	Trojan.Autoruns.GenericKDS.32704618
Microsoft	Trojan:Win32/Emotet.SK!MSR
NANO-Antivirus	Trojan.Win32.Emotet.ggtvtw
Paloalto	generic.ml
Panda	Trj/Agent.PM
Qihoo-360	Win32/Trojan.d35
Rising	Trojan.Generic@ML.94 (RDML:eMZ9PTKEj980fnzBgUVmXw)
SentinelOne	DFI – Malicious PE
Sophos	Mal/EncPk-APC
Symantec	Trojan Horse
Trapmine	malicious.moderate.ml.score
TrendMicro	TROJ_GEN.R057C0DKC19
TrendMicro-HouseCall	TROJ_GEN.R057C0DKC19
VBA32	Trojan.Emotet
VIPRE	Trojan.Win32.Generic!BT
Webroot	W32.Trojan.Gen
ZoneAlarm	Trojan-Banker.Win32.Emotet.eaia

How to remove Win32/Kryptik.GYEZ?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.