Categories: Malware

Win32/Kryptik.HDDM removal

The Win32/Kryptik.HDDM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HDDM virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Mimics the system’s user agent string for its own requests
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
A named pipe was used for inter-process communication
Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a copy of itself
Attempts to create or modify system certificates
Collects information to fingerprint the system

Related domains:

www.ip-adress.com

ocsp.usertrust.com

ocsp.comodoca.com

crl.comodoca.com

crl.usertrust.com

How to determine Win32/Kryptik.HDDM?


File Info:
crc32: 6BC2E7D1md5: c3e6f79fe64079b9b0f03c3409badf83name: 2222.pngsha1: 5a23fca91a566484c8df41c2d519a40276de4c57sha256: 64933920cf8863a1572334959acdfeedc5f2ef18205611fac783e192cdedcb64sha512: 25d355f6390a4bc127d0854adef0af87acac53e3ba0ef2664fc0b007016f71b69a3a9954b785454cf1901d3f5a914a82f77ac5be4393864e6054ffb7e1bbc55cssdeep: 6144:A/SKxhvIBVg4JipxjbLtrEVWiK0GdaWjCHOy/gaPxGhjjAhWE75Ynnet/R4KnM6:A/ZfABVgVpxjbLzi7/umqjAhdUU54Kntype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: xa9 2000-2012 DT Soft Ltd.InternalName: DTProHelper.exeFileVersion: 4.45.4.0315CompanyName: DT Soft LtdProductName: DAEMON Tools LiteProductVersion: 4.45.4.0315FileDescription: DAEMON Tools Lite Helper applicationOriginalFilename: DTProHelper.exeTranslation: 0x0409 0x04e4

Win32/Kryptik.HDDM also known as:

Bkav	W32.AIDetectVM.malware
MicroWorld-eScan	Trojan.Agent.EQDY
FireEye	Generic.mg.c3e6f79fe64079b9
Qihoo-360	HEUR/QVM20.1.0A0C.Malware.Gen
McAfee	GenericRXAA-AA!C3E6F79FE640
Cylance	Unsafe
Sangfor	Malware
BitDefender	Trojan.Agent.EQDY
Cybereason	malicious.91a566
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34108.@n0@a0cSMGfi
ESET-NOD32	a variant of Win32/Kryptik.HDDM
GData	Trojan.Agent.EQDY
Kaspersky	Trojan-Banker.Win32.Qbot.suu
Ad-Aware	Trojan.Agent.EQDY
F-Secure	Trojan.TR/AD.Qbot.mcfkq
DrWeb	Trojan.Inject3.39575
McAfee-GW-Edition	BehavesLike.Win32.Rimecud.tz
SentinelOne	DFI – Malicious PE
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.Agent.EQDY (B)
APEX	Malicious
Avira	TR/AD.Qbot.mcfkq
Antiy-AVL	Trojan[Banker]/Win32.Qbot
Endgame	malicious (high confidence)
Arcabit	Trojan.Agent.EQDY
ZoneAlarm	Trojan-Banker.Win32.Qbot.suu
Microsoft	Trojan:Win32/Qbot.ZA!MTB
Acronis	suspicious
ALYac	Trojan.Agent.EQDY
MAX	malware (ai score=82)
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!1.C427 (C64:YzY0OonqpI9bbolB)
Fortinet	W32/Ursnif.CZ!tr
CrowdStrike	win/malicious_confidence_80% (D)