Categories: Malware

Win32/Kryptik.HBTR (file analysis)

The Win32/Kryptik.HBTR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HBTR virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Japanese
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Attempts to modify proxy settings
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

precambrianera.com

a.tomx.xyz

ip-api.com

How to determine Win32/Kryptik.HBTR?


File Info:
crc32: A536E40Fmd5: fc1419e60b9a4aa80e49129717a3bc78name: msupdate.exesha1: 5c17b4e9bf4f88409cad43e5e87c7008d6fa14adsha256: 5bc508169c99dac78d4910a674eaadc0b35d90eb10715a7a27c353797668eb47sha512: 080d5fef66f549c43987f0f43e569a5af2e9bdfc8e8f15404e3922f439a3710ba65e431b50c4060703cc84af11668d1430b4ccdadd5b7cd344e5f81e6f72f7a6ssdeep: 12288:Pq5MjSzcmVCSIfZ/5lGClqhNqMJfCtOLOkKK8oMA6z4:Pq5Mx4C1zlGClktCtOl3P7type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Win32/Kryptik.HBTR also known as:

Bkav	W32.AIDetectVM.malware
MicroWorld-eScan	Trojan.GenericKD.33520737
FireEye	Generic.mg.fc1419e60b9a4aa8
McAfee	Artemis!FC1419E60B9A
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 005620aa1 )
BitDefender	Trojan.GenericKD.33520737
K7GW	Trojan ( 005620aa1 )
Cybereason	malicious.60b9a4
TrendMicro	Trojan.Win32.BANDIT.SM
APEX	Malicious
Paloalto	generic.ml
GData	Trojan.GenericKD.33520737
Kaspersky	Trojan.Win32.Chapak.ejqb
Alibaba	Trojan:Win32/Chapak.2fd8bf76
NANO-Antivirus	Trojan.Win32.Chapak.hendqc
AegisLab	Trojan.Multi.Generic.4!c
Avast	Win32:DropperX-gen [Drp]
Tencent	Win32.Trojan.Chapak.Eddk
Ad-Aware	Trojan.GenericKD.33520737
Emsisoft	Trojan.GenericKD.33520737 (B)
DrWeb	Trojan.Siggen9.18218
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Vundo.hc
MaxSecure	Trojan.Malware.1207211.susgen
Trapmine	suspicious.low.ml.score
Sophos	Mal/RyPack-A
Ikarus	Trojan.Win32.Crypt
Cyren	W32/Trojan.RYXA-1797
Jiangmin	Trojan.Chapak.jbo
Antiy-AVL	Trojan/Win32.Chapak
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D1FF7C61
ZoneAlarm	Trojan.Win32.Chapak.ejqb
Microsoft	Trojan:Win32/Azorult.RSV!MTB
AhnLab-V3	Trojan/Win32.MalPe.R327978
Acronis	suspicious
VBA32	BScope.Trojan.AET.281105
ALYac	Trojan.GenericKD.33520737
Malwarebytes	Trojan.Agent
ESET-NOD32	a variant of Win32/Kryptik.HBTR
TrendMicro-HouseCall	Trojan.Win32.BANDIT.SM
Rising	Trojan.Kryptik!8.8 (CLOUD)
SentinelOne	DFI – Malicious PE
Fortinet	W32/Kryptik.HBSU!tr
BitDefenderTheta	Gen:NN.ZexaF.34100.JGW@auHUOKkG
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.14a