What is "Win32/Kryptik.HDMO"?

The Win32/Kryptik.HDMO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HDMO virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Attempts to stop active services
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Creates a hidden or system file
Clears Windows events or logs
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Kryptik.HDMO?


File Info:
crc32: 128E7BB5
md5: 4673b7ac225fbe4e03a55cf7afa2c05a
name: rundll32.exe
sha1: a89acaed1ab67c51d6128cc786f03569c032978e
sha256: 309c0618d48191791561a13625ab8843bc32c92e25c2f20454c2c4c8121827c0
sha512: a745810844adeee23f426d6398d5afc970bb3c38299810e8828573901ed8ee5e7bb69b992a2c15400f38a7c63ab9de4367cc4bb343f87e8a9b8022fc247464de
ssdeep: 3072:FtkZLrfCbBZyILWOUtThruseejRtx2nJN2RLFhtpEw:qLrfCFZhartTEseyx26RLFhA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 2020, jlfvjs
InternalName: dvezejzaz.em
FileVersion: 1.4.23.4
Translation: 0x0811 0x0528

Win32/Kryptik.HDMO also known as:

Bkav	HW32.Packed.
MicroWorld-eScan	Trojan.GenericKD.43195471
McAfee	Packed-GBE!4673B7AC225F
Cylance	Unsafe
AegisLab	Trojan.Win32.Blocker.j!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005662121 )
BitDefender	Trojan.GenericKD.43195471
K7GW	Trojan ( 005662121 )
Cybereason	malicious.d1ab67
Arcabit	Trojan.Generic.D2931C4F
Invincea	heuristic
Cyren	W32/Ulise.BI.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Kryptik.HDMO
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-Ransom.Win32.Blocker.moaw
Alibaba	Trojan:Win32/Blocker.057bf3d0
Avast	Win32:TrojanX-gen [Trj]
Rising	Trojan.Kryptik!1.C46C (CLOUD)
Ad-Aware	Trojan.GenericKD.43195471
Emsisoft	Trojan.GenericKD.43195471 (B)
F-Secure	Trojan.TR/AD.PhobosRansom.bczip
DrWeb	Trojan.MulDrop12.25853
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Fortinet	W32/GandCrab.G!tr
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.4673b7ac225fbe4e
Sophos	Mal/Generic-S
SentinelOne	DFI – Suspicious PE
F-Prot	W32/Ulise.BI.gen!Eldorado
Avira	TR/AD.PhobosRansom.bczip
MAX	malware (ai score=99)
Antiy-AVL	Trojan[Ransom]/Win32.Blocker
Endgame	malicious (high confidence)
Microsoft	Trojan:Win32/MultiPlug.PVE!MTB
ZoneAlarm	Trojan-Ransom.Win32.Blocker.moaw
AhnLab-V3	Trojan/Win32.MalPe.R337071
Acronis	suspicious
ALYac	Trojan.GenericKD.43195471
VBA32	BScope.Trojan.AET.281105
Malwarebytes	Trojan.MalPack.GS
Tencent	Win32.Trojan.Blocker.Pcsp
Ikarus	Trojan-Dropper.Agent
GData	Trojan.GenericKD.43195471
Webroot	W32.Trojan.Gen
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Generic/HEUR/QVM10.2.5C1C.Malware.Gen

How to remove Win32/Kryptik.HDMO?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Win32/Kryptik.HDMO”?