Categories: Malware

Win32/Kryptik.HAHS information

The Win32/Kryptik.HAHS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HAHS virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Mimics the system’s user agent string for its own requests
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Turkish
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Attempts to remove evidence of file being downloaded from the Internet
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself

How to determine Win32/Kryptik.HAHS?


File Info:
crc32: 393C72A7md5: 9c725697bd838b64360b3448a5007e6aname: O5OX9EZ16uVGT48hh.exesha1: 971169dcce3545edabf580c3b8e341704b79e0acsha256: 51cd8fee8bfe6788ba746af2c326d3257577dd28bcf06f375266eb5afd219404sha512: f7a19b9b614329db1cf43814675c0df23aef26001a4be13e974cf013dd68e0c4ab089ce6223c7b51c34171626fae21133d5c57d0148a734511a33c38477bed48ssdeep: 6144:k0F9DaXWpLDFRwDYxOovkF9rTJM0DpirrDJLw76z0AO8CZBn0bKS5sJBmHtei:k0F9DaXCLDyR1il05BHRmHUitype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2000InternalName: MPEGPlayerFileVersion: 1, 0, 0, 1CompanyName: LegalTrademarks: ProductName: MPEGPlayer ApplicationProductVersion: 1, 0, 0, 1FileDescription: MPEGPlayer MFC ApplicationOriginalFilename: MPEGPlayer.EXETranslation: 0x0409 0x04b0

Win32/Kryptik.HAHS also known as:

DrWeb	Trojan.DownLoader32.48774
FireEye	Trojan.Autoruns.GenericKDS.32954646
McAfee	RDN/Emotet
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.Autoruns.GenericKDS.32954646
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.cce354
BitDefenderTheta	Gen:NN.ZexaE.34082.yq1@aeUs1npO
F-Prot	W32/Emotet.AFB.gen!Eldorado
Symantec	Packed.Generic.534
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Emotet-7543391-1
GData	Trojan.Autoruns.GenericKDS.32954646
Kaspersky	HEUR:Trojan.Win32.Agent.gen
Alibaba	Trojan:Win32/starter.ali1000037
AegisLab	Trojan.Win32.Generic.4!c
Tencent	Malware.Win32.Gencirc.10b8b4cf
Sophos	Mal/Encpk-AOZ
F-Secure	Trojan.TR/AD.Emotet.jaipm
TrendMicro	TrojanSpy.Win32.EMOTET.THAAGBO
McAfee-GW-Edition	RDN/Emotet
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.Autoruns.GenericKDS.32954646 (B)
Cyren	W32/Emotet.AFB.gen!Eldorado
Jiangmin	Trojan.Banker.Emotet.nch
Webroot	W32.Trojan.Emotet
Avira	TR/AD.Emotet.jaipm
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
Arcabit	Trojan.Autoruns.GenericS.D1F6D916
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
AhnLab-V3	Trojan/Win32.Emotet.R313216
VBA32	BScope.Trojan.Downloader
ALYac	Trojan.Agent.Emotet
Ad-Aware	Trojan.Autoruns.GenericKDS.32954646
Malwarebytes	Trojan.Emotet
Panda	Trj/Emotet.A
ESET-NOD32	a variant of Win32/Kryptik.HAHS
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.THAAGBO
Rising	Trojan.Emotet!8.B95 (CLOUD)
Fortinet	W32/GenKryptik.ECCU!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Generic/Trojan.5eb