Win32/Kryptik.HBZR (file analysis)

The Win32/Kryptik.HBZR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HBZR virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Detects SunBelt Sandbox through the presence of a library
Detects Avast Antivirus through the presence of a library
Detects Sandboxie through the presence of a library
Attempts to remove evidence of file being downloaded from the Internet
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Operates on local firewall’s policies and settings
Creates a copy of itself
Attempts to modify or disable Security Center warnings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

tldrbox.top

How to determine Win32/Kryptik.HBZR?


File Info:
crc32: 0BFAB824
md5: 61c33d015983d06570ff7f7300c551e2
name: 64.exe
sha1: 29998990a7d301eb11e6e0c86cf81d15e3e4b0c0
sha256: 993d2f33be65ced84cdcaff1e57616a80f708ecfacb6f7b12c94aa65e121f080
sha512: a73de3556ac97f06cd61a95e3ba05ec85de492bab3010122ba1ad6794bc64865bc62d7b3287e650f4d4db40e4ae2049458213111fbed5a4f252da3c78c8192da
ssdeep: 1536:CMjf39BL7mI9iTf6NiVckp2oZIfnLQ7iRcVxXW+d1mQ9Lj+NVA5jDKPrv/g14ND:FHL71JiVY5n0mROpbx1joC5j+PM1CDZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Kryptik.HBZR also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Trojan.GenericKD.33552839
FireEye	Generic.mg.61c33d015983d065
McAfee	Artemis!61C33D015983
Sangfor	Malware
K7AntiVirus	Trojan ( 00562e241 )
BitDefender	Trojan.GenericKD.33552839
K7GW	Trojan ( 00562e241 )
Cybereason	malicious.0a7d30
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34100.juW@aiMv31t
Cyren	W32/Trojan.LQAJ-8220
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HBZR
TrendMicro-HouseCall	TROJ_GEN.R002C0DCI20
Avast	Win32:CoinminerX-gen [Trj]
GData	Trojan.GenericKD.33552839
Kaspersky	Trojan-Banker.Win32.CliptoShuffler.azf
Alibaba	Trojan:Win32/Starter.ali2000005
NANO-Antivirus	Trojan.Win32.CliptoShuffler.hfgxal
AegisLab	Trojan.Win32.Malicious.4!c
APEX	Malicious
Ad-Aware	Trojan.GenericKD.33552839
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/AD.Phorpiex.wmsgb
DrWeb	Trojan.Siggen9.21890
TrendMicro	TROJ_GEN.R002C0DCI20
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.ch
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.33552839 (B)
SentinelOne	DFI – Suspicious PE
Jiangmin	Trojan/Swizzor.ggv
Webroot	W32.Trojan.Gen
Avira	TR/AD.Phorpiex.wmsgb
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Win32.RanumBot
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D1FFF9C7
AhnLab-V3	Trojan/Win32.MalPe.R329073
ZoneAlarm	Trojan-Banker.Win32.CliptoShuffler.azf
Microsoft	Trojan:Win32/RanumBot.GA!MTB
Acronis	suspicious
ALYac	Trojan.Agent.Phorpiex
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!8.8 (CLOUD)
Ikarus	Trojan-Downloader.Win32.Zurgop
Fortinet	W32/Kryptik.HBYA!tr
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:CoinminerX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.a61

How to remove Win32/Kryptik.HBZR?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.HBZR (file analysis)