Win32/Kryptik.HCHZ (file analysis)

Win32/Kryptik.HCHZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HCHZ virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • A named pipe was used for inter-process communication
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Behavior consistent with a dropper attempting to download the next stage.
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.ip-adress.com

How to identify Win32/Kryptik.HCHZ?

File Info:

crc32: 62BA5BBD
md5: 2caf0f8679c88578bff748707388bd09
name: 444444.png
sha1: 93a93d3c25c64e207f8363d3e50da5f6e7659d0a
sha256: 3be863b929cd92c52228e7542bf9b1b987e04ec7b2b39c62e82b0fa31ea76387
sha512: a324ed56c66d02a35bfb6dd7cf9c3133bfd3abf78058425183172ab6d9158d5002c3e89e54b3d450e4e256e4583e83366c28391ad1c410a924c6fa924b933a5e
ssdeep: 3072:tQ/JeEz8Pg+nfqyrHVc1/EfYaAffGlTeHH1xGogkUcWC2kCcBZBLQcPbxSQN5U9S:a/JeE4PgrmhYJfTnxgoCagct3NSPbW
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Kryptik.HCHZ also known as:

Bkav: W32.AIDetectVM.malware
MicroWorld-eScan: Gen:Variant.Cerbu.69913
Cylance: Unsafe
Sangfor: Malware
CrowdStrike: win/malicious_confidence_90% (D)
BitDefender: Gen:Variant.Cerbu.69913
Invincea: heuristic
APEX: Malicious
ClamAV: Win.Dropper.Qakbot-7641367-0
GData: Gen:Variant.Cerbu.69913
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Cerbu.69913 (B)
F-Secure: Trojan.TR/Vundo.Gen2
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.2caf0f8679c88578
Ikarus: Trojan-Banker.Dridex
Avira: TR/Vundo.Gen2
eGambit: PE.Heur.InvalidSig
Arcabit: Trojan.Cerbu.D11119
Microsoft: Trojan:Win32/Wacatac.C!ml
Acronis: suspicious
VBA32: BScope.TrojanRansom.Shade
ALYac: Gen:Variant.Cerbu.69913
MAX: malware (ai score=86)
Ad-Aware: Gen:Variant.Cerbu.69913
Malwarebytes: Backdoor.Qbot
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.HCHZ
Rising: Malware.Heuristic!ET#77% (RDMK:cmRtazqCWjaFaRnP08tZxAv65MAw)
SentinelOne: DFI – Malicious PE
Fortinet: W32/GenKryptik.EHFB!tr
BitDefenderTheta: Gen:NN.ZexaF.34104.1nX@aS5dKjj

How to remove Win32/Kryptik.HCHZ?

Win32/Kryptik.HCHZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.