
Win32/Kryptik.HCXA malicious file

Malware Removal

The Win32/Kryptik.HCXA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HCXA virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

ylsn.site

How to identify Win32/Kryptik.HCXA?

File Info:

crc32: 859FE13A
md5: 558713166c5fea252113e26ac52e5ce9
name: q.exe
sha1: 9b907b437b1cd71adf9ac25724cf757d81e637dd
sha256: ddd61c8ceadba7f9d8ec027480686e308ec9195e1a6ee2ae50ba071aa1b20589
sha512: 6b8b0524bab4dba3a9e1d389bceb27619ee075ad3d938891a9c2c77d5e3577d9c308f6225310ebfdfa3d5bfdb00f1a3c31a6322690e5b9c0e944b0af941d082e
ssdeep: 6144:UVtdCRUQrtfY9wgXnnWNzWl9PtErY5ewYj+XzI4r040uwpRRBq1ji5iE7qVew:UndCe2tgegXna8Q6Ujr4IFpvBqJi5Tq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 (C) 2002
InternalName: GetFileAttr
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: GetFileAttr 应用程序
ProductVersion: 1, 0, 0, 1
FileDescription: GetFileAttr Microsoft 基础类应用程序
OriginalFilename: GetFileAttr.EXE
Translation: 0x0804 0x04b0

Win32/Kryptik.HCXA is also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware1
MicroWorld-eScan: Trojan.GenericKD.43399400
FireEye: Generic.mg.558713166c5fea25
CAT-QuickHeal: Backdoor.FarfliRI.S14805203
McAfee: GenericRXKL-SB!558713166C5F
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Farfli.m!c
K7AntiVirus: Trojan ( 005657321 )
BitDefender: Trojan.GenericKD.43399400
K7GW: Trojan ( 005657321 )
Cybereason: malicious.37b1cd
TrendMicro: BKDR_ZEGOST.SM34
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
GData: Trojan.GenericKD.43399400
Kaspersky: Backdoor.Win32.Farfli.bsgm
Alibaba: Backdoor:Win32/Farfli.fc716561
Tencent: Malware.Win32.Gencirc.10cdd802
Ad-Aware: Trojan.GenericKD.43399400
Sophos: Troj/AutoG-IH
Comodo: Malware@#4tbkgykxt4ws
F-Secure: Heuristic.HEUR/AGEN.1134990
DrWeb: Trojan.DownLoader33.57389
Zillya: Trojan.Generic.Win32.1066072
Invincea: heuristic
Emsisoft: Trojan.GenericKD.43399400 (B)
Ikarus: Trojan.Win32.Crypt
Jiangmin: Backdoor.Farfli.dti
Avira: HEUR/AGEN.1134990
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan[Backdoor]/Win32.Farfli
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D29638E8
ZoneAlarm: Backdoor.Win32.Farfli.bsgm
Microsoft: Backdoor:Win32/Zegost.gen!B
Cynet: Malicious (score: 100)
Acronis: suspicious
ALYac: Trojan.GenericKD.43399400
MAX: malware (ai score=80)
VBA32: BScope.Backdoor.Farfli
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Kryptik.HCXA
TrendMicro-HouseCall: BKDR_ZEGOST.SM34
Rising: Trojan.Kryptik!1.C71D (CLOUD)
Yandex: Trojan.Kryptik!mhwc0pKFw4U
SentinelOne: DFI – Malicious PE
Fortinet: W32/Kryptik.HCXA!tr
BitDefenderTheta: Gen:NN.ZexaF.34138.xq0@aywQQllb
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Win32/Backdoor.74f

How to remove Win32/Kryptik.HCXA?

Win32/Kryptik.HCXA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.