The Win32/Kryptik.GYFP file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
What Win32/Kryptik.GYFP virus can do?
- Executable code extraction
- At least one process apparently crashed during execution
- Creates RWX memory
- Possible date expiration check, exits too soon after checking local time
- Drops a binary and executes it
- Deletes its original binary from disk
- Attempts to remove evidence of file being downloaded from the Internet
- Attempts to repeatedly call a single API many times in order to delay analysis time
- Installs itself for autorun at Windows startup
- Checks the system manufacturer, likely for anti-virtualization
- Creates a copy of itself
- Anomalous binary characteristics
How to determine Win32/Kryptik.GYFP?
General:
Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Trojan.GenericKD.42009984
File Info:
Name: h9wkn_80.exe
Size: 584214
Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: d28c6e8dec5d3f5b9d18c04c0078abc2
SHA1: 06fae14406bc9e3d64b3adb244e6423f01a1d568
SH256: b6fd47b0370579b700bcd0f22141bb87d2278580e4e04d43e83e152154d750d5
Version Info:
[No Data]
Win32/Kryptik.GYFP also known as:
| ALYac | Trojan.Agent.Emotet |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.42009984 |
| AegisLab | Trojan.Win32.Generic.4!c |
| AhnLab-V3 | Malware/Win32.Generic.C3559579 |
| Alibaba | Trojan:Win32/Emotet.48d09dbe |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet |
| Arcabit | Trojan.Generic.D2810580 |
| Avast | Win32:Malware-gen |
| Avira | TR/AD.Emotet.cxhta |
| BitDefender | Trojan.GenericKD.42009984 |
| BitDefenderTheta | Gen:NN.ZexaF.32250.JOX@aSMID0gG |
| Comodo | Malware@#3r3w9nysm7wad |
| CrowdStrike | win/malicious_confidence_60% (W) |
| Cybereason | malicious.406bc9 |
| Cylance | Unsafe |
| Cyren | W32/Trojan.IXEV-5483 |
| DrWeb | Trojan.DownLoader30.39010 |
| ESET-NOD32 | a variant of Win32/Kryptik.GYFP |
| Endgame | malicious (moderate confidence) |
| F-Prot | W32/Casur.Q.gen!Eldorado |
| F-Secure | Trojan.TR/AD.Emotet.cxhta |
| FireEye | Generic.mg.d28c6e8dec5d3f5b |
| Fortinet | W32/GenKryptik.DXOD!tr |
| GData | Trojan.GenericKD.42009984 |
| Ikarus | Trojan-Banker.Emotet |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 0055b4da1 ) |
| K7GW | Trojan ( 0055b4da1 ) |
| Kaspersky | Trojan-Banker.Win32.Emotet.easr |
| MAX | malware (ai score=99) |
| Malwarebytes | Trojan.TrickBot |
| McAfee | RDN/Emotet |
| McAfee-GW-Edition | RDN/Emotet |
| MicroWorld-eScan | Trojan.GenericKD.42009984 |
| Microsoft | Trojan:Win32/Emotet.AH!MSR |
| Paloalto | generic.ml |
| Panda | Trj/CI.A |
| Qihoo-360 | HEUR/QVM01.1.36B5.Malware.Gen |
| Rising | Trojan.Generic@ML.95 (RDML:8U7MQ7I97z4mVlu1x1RpAw) |
| SentinelOne | DFI – Suspicious PE |
| Sophos | Mal/EncPk-APC |
| Symantec | Trojan Horse |
| TrendMicro | TrojanSpy.Win32.EMOTET.SMD.hp |
| TrendMicro-HouseCall | TROJ_GEN.R002H09KC19 |
| VBA32 | Trojan.Casur |
| VIPRE | Trojan.Win32.Generic!BT |
| Webroot | W32.Trojan.Emotet |
| ZoneAlarm | Trojan-Banker.Win32.Emotet.easr |
How to remove Win32/Kryptik.GYFP?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment