What is “Win32/Kryptik.HDJM”?

Win32/Kryptik.HDJM is flagged as dangerous by the large majority of antivirus vendors (see the detection list further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

What can Win32/Kryptik.HDJM do?

The behaviours below were recorded when the sample was run in a sandbox. Taken together they describe a packed loader: it unpacks itself in memory, injects into another process, checks whether it is being analysed, establishes persistence and then contacts the network for a next stage.

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Behavior consistent with a dropper attempting to download the next stage.
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Collects information to fingerprint the system

Related domains:

www.ip-adress.com

This is a public IP-lookup service, not attacker infrastructure. A request to it is consistent with the "collects information to fingerprint the system" behaviour above (the sample learning its external IP address); do not block or attribute it as a command-and-control host on that basis alone.

How to identify Win32/Kryptik.HDJM?

File Info:

crc32: E3C0AE84
md5: 93e50c1a46aa49af5af0a9281ee4b385
name: 444444.png
sha1: eef0879216dbfcb3f410ad43e5b3426fc3261ebd
sha256: f75f1a371b383175d17f7787580ca76f4971b1dd08da0cd36148ab1aa38f18a1
sha512: 49011fd6fae47d6fa4392627275973e4d9cedff5b68554284c4212a49006364bd044e0afda524c5785d864c0a6efb231bafef3a7b13148816d5d7bd7568f6066
ssdeep: 6144:PmZ6ygLi1o2jYsDoEFR4o/kbgUwV3wjwLe0mvefkQzh7InobFr:PmZ+iK2MuhR0gzV3da0mGDzh7InobV
type: PE32 executable (GUI) Intel 80386, for MS Windows

Note the mismatch: the sample was stored as 444444.png, but its content is a 32-bit Windows executable. A file whose extension does not match its magic bytes is a triage signal in its own right. The md5, sha1 and sha256 values are exact-match indicators only; a repacked build of the same family will have different digests but may still score close to the ssdeep value above.

Version Info:

LegalCopyright: Copyright(c) 2007 Corel Corporation
InternalName: CorelDrw
FileVersion: 14.0.0.701
CompanyName: Corel Corporation
Built on: Fri 11/21/2008 21:36:24.30
LegalTrademarks: Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries.
ProductName: Corel Graphics Applications
Language Build ID: 0
ProductVersion: 14.0.0.701
FileDescription: CorelDRAW(R)
OriginalFilename: CorelDrw.exe
Translation: 0x0409 0x04e4

These strings come from the version resource of the binary, which whoever builds the file controls; Windows does not verify them. The sample presents itself as CorelDRAW 14 from 2007/2008 so that it looks like an old but legitimate application, and the "Built on" compile timestamp can be set just as freely. Treat version info as a description of what the malware wants to look like, not as evidence of what it is.
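The following script is an added example (not GridinSoft's tool and not part of the original page) showing how the indicators in the File Info section can be used in practice: it hashes every file under a directory, compares the digests against the published md5/sha1/sha256 values, and flags files that carry a valid PE header while pretending to be an image or document, exactly the .png-versus-PE32 mismatch seen above. The directory contents it builds for the demonstration are constructed (a minimal buffer with an MZ stub and a PE signature, plus a genuine-looking PNG header); neither is the real sample.

```python
"""IOC triage helper (added example, not GridinSoft's code).

Hashes every file under a directory, compares the digests against the
published indicators for the Win32/Kryptik.HDJM sample, and flags files
whose extension does not match their content (the sample was stored as
444444.png but is a PE32 executable).
"""
import hashlib
import os
import struct
import tempfile

# Indicators copied from the File Info section of the page.
KNOWN_HASHES = {
    "md5": "93e50c1a46aa49af5af0a9281ee4b385",
    "sha1": "eef0879216dbfcb3f410ad43e5b3426fc3261ebd",
    "sha256": "f75f1a371b383175d17f7787580ca76f4971b1dd08da0cd36148ab1aa38f18a1",
}

# Extensions that should never carry a PE payload (assumed list, extend as needed).
NON_EXECUTABLE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt", ".doc", ".docx"}


def _new_hashers():
    return {name: hashlib.new(name) for name in KNOWN_HASHES}


def digest_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(path):
    """Same as digest_bytes, but streams the file so large files are fine."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_pe(data):
    """True if data starts with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_file(path):
    """Return a list of findings for one file (empty list means nothing suspicious)."""
    findings = []
    with open(path, "rb") as fh:
        head = fh.read(4096)
    d = digests(path)
    for name, expected in KNOWN_HASHES.items():
        if d[name] == expected:
            findings.append(f"{name} matches Win32/Kryptik.HDJM IOC")
    ext = os.path.splitext(path)[1].lower()
    if is_pe(head) and ext in NON_EXECUTABLE_EXTS:
        findings.append(f"PE executable disguised with extension {ext}")
    return findings


def triage_dir(root):
    """Map relative path -> findings for every file under root that has findings."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            found = triage_file(full)
            if found:
                results[os.path.relpath(full, root)] = found
    return results


def make_fake_pe(size=0x200):
    """Constructed sample: a minimal buffer that passes is_pe(); NOT the real malware."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew -> PE header at offset 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


def demo():
    """Build a constructed directory with a disguised PE and a genuine PNG, then triage it."""
    root = tempfile.mkdtemp(prefix="kryptik_demo_")
    with open(os.path.join(root, "444444.png"), "wb") as fh:
        fh.write(make_fake_pe())
    with open(os.path.join(root, "photo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
    return triage_dir(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, "->", "; ".join(findings))
```

Point it at a real directory with triage_dir(path). The hash comparison only catches this exact file; the header check is what catches the next repacked build that arrives under yet another image name.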

Win32/Kryptik.HDJM also known as:

"Kryptik" is ESET's generic name for packed or obfuscated malware and says nothing about the family. The vendors below that name a family agree on Qbot/Qakbot (Sophos, F-Secure, Avira, Trend Micro, Microsoft, AhnLab, Malwarebytes), a banking trojan and loader, which fits the process injection, persistence and next-stage download behaviour listed above.

MicroWorld-eScan: Trojan.GenericKDZ.67171
FireEye: Generic.mg.93e50c1a46aa49af
Qihoo-360: HEUR/QVM20.1.5EBD.Malware.Gen
ALYac: Trojan.GenericKDZ.67171
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic.pak!cobra
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKDZ.67171
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.216dbf
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZexaF.34110.Jm0@aSzCWyhi
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
GData: Trojan.GenericKDZ.67171
Kaspersky: HEUR:Trojan.Win32.Zenpak.pef
Ad-Aware: Trojan.GenericKDZ.67171
Sophos: Troj/Qbot-FS
Comodo: TrojWare.Win32.Spy.Agent.DA@8rxbw1
F-Secure: Trojan.TR/AD.Qbot.bfscz
TrendMicro: Backdoor.Win32.QAKBOT.SMP1
McAfee-GW-Edition: BehavesLike.Win32.Rimecud.hm
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.GenericKDZ.67171 (B)
Webroot: Trojan.Proxy.Bunitu
Avira: TR/AD.Qbot.bfscz
Antiy-AVL: Trojan/Win32.Wacatac
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D10663
ZoneAlarm: HEUR:Trojan.Win32.Zenpak.pef
Microsoft: Trojan:Win32/Qbot.BX!MTB
AhnLab-V3: Backdoor/Win32.Qakbot.R336864
Acronis: suspicious
McAfee: W32/PinkSbot-GS!93E50C1A46AA
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Inject
Malwarebytes: Backdoor.Qbot
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.HDJM
TrendMicro-HouseCall: Backdoor.Win32.QAKBOT.SMP1
Rising: Trojan.Kryptik!8.8 (C64:YzY0OggPScA7dWlU)
SentinelOne: DFI - Malicious PE
Fortinet: W32/Kryptik.HDJM!tr
AVG: Win32:BankerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.73872809.susgen

How to remove Win32/Kryptik.HDJM?

Win32/Kryptik.HDJM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

Because this sample installs an autorun entry, drops and executes a copy of itself and injects code into system processes, check after the restart that the autorun entry and the dropped copy are gone and that no unfamiliar process is generating network traffic. A single persistence item left behind is enough for the loader to reinstall itself.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.