Win32/Kryptik.GYRN (file analysis)

The Win32/Kryptik.GYRN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32/Kryptik.GYRN virus can do?

Executable code extraction
Creates RWX memory
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX

How to determine Win32/Kryptik.GYRN?


File Info:
crc32: 755472C0
md5: 29e709ceb0fa00ed56cd9e3ced4fdc70
name: winservices.mnt
sha1: c66bede3d34261c2b86fb9f1d75ac5059c4233b9
sha256: 7aa3ef953f07267af9389d26ce7214cfcef453436c7dee78f39b924d21312464
sha512: d1800ad42f559aabb32b5da4430b68050d9f86ea52c017782d25ee7df31ec7cd238b67e9722125f0ba90faabc47481dfad48ef64c4785c4083969b3b0b766641
ssdeep: 3072:xP0eLiixjEWc6iRczWORSyoUTgu5S+fPZO+vmj6v3CPyf/K:xP1xFBWBrogL+hm+v3
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
Assembly Version: 8.4.3.7
LegalCopyright: Copyright xa9. 1999 - 2014 The OpenSSL Project, http://www.openssl.org/
InternalName: CdcBasic
FileVersion: 8.4.3.7
CompanyName: The OpenSSL Project, http://www.openssl.org/
FileDescription: Migration Market Aps
LegalTrademarks: Copyright xa9. 1999 - 2014 The OpenSSL Project, http://www.openssl.org/
Comments: Migration Market Aps
ProductName: CdcBasic
Languages: English
ProductVersion: 8.4.3.7
PrivateBuild: 8.4.3.7
OriginalFilename: CdcBasic.exe
Translation: 0x0409 0x04b0

Win32/Kryptik.GYRN also known as:

MicroWorld-eScan	Trojan.GenericKD.32739178
McAfee	RDN/Generic.hbg
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 0055c0431 )
K7GW	Trojan ( 0055c0431 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Trojan.Generic.D1F38F6A
Invincea	heuristic
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Kryptik.GYRN
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-Banker.Win32.IcedID.tvlx
BitDefender	Trojan.GenericKD.32739178
Endgame	malicious (moderate confidence)
Comodo	Malware@#qx5t1fiduvjl
F-Secure	Trojan.TR/AD.PhotoDlder.kpgws
DrWeb	Trojan.DownLoader30.44798
TrendMicro	TrojanSpy.Win32.ICEDID.AX
McAfee-GW-Edition	RDN/Generic.hbg
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.29e709ceb0fa00ed
Sophos	Troj/Agent-BCZY
Ikarus	Trojan-Ransom.GandCrab
Cyren	W32/Trojan.XLRE-5857
Webroot	W32.Trojan.Gen
Avira	TR/AD.PhotoDlder.kpgws
Fortinet	W32/IcedID.BCZY!tr
Microsoft	Trojan:Win32/Occamy.B
ZoneAlarm	Trojan-Banker.Win32.IcedID.tvlx
AhnLab-V3	Trojan/Win32.Kryptik.C3584792
Acronis	suspicious
ALYac	Trojan.IcedID.gen
MAX	malware (ai score=86)
Ad-Aware	Trojan.GenericKD.32739178
Malwarebytes	Trojan.IcedID
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.ICEDID.AX
SentinelOne	DFI – Suspicious PE
GData	Trojan.GenericKD.32739178
BitDefenderTheta	Gen:NN.ZexaF.32515.mmKfaWxSYmai
AVG	FileRepMalware
Cybereason	malicious.3d3426
Avast	FileRepMalware
Qihoo-360	Win32/Trojan.115

How to remove Win32/Kryptik.GYRN?

Win32/Kryptik.GYRN removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X