Win32/Kryptik.HEHA removal guide

The Win32/Kryptik.HEHA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HEHA virus can do?

Executable code extraction
Creates RWX memory
Attempts to connect to a dead IP:Port (27 unique times)
Performs some HTTP requests
Unconventionial language used in binary resources: Arabic (Egypt)
Uses Windows utilities for basic functionality
A process attempted to delay the analysis task by a long amount of time.
Creates a hidden or system file
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

www.bing.com

msn.com

www.msn.com

static-global-s-msn-com.akamaized.net

o.aolcdn.com

ajax.aspnetcdn.com

web.vortex.data.msn.com

line.lifeartphotographers.com

www.redtube.com

crl4.digicert.com

ocsp.digicert.com

crl3.digicert.com

ei.rdtcdn.com

ads.trafficjunky.net

ht.redtube.com

cdn1d-static-shared.phncdn.com

static.trafficjunky.com

www.google-analytics.com

a.adtng.com

flash.doubleclick-analytics.com

certificates.starfieldtech.com

vz-cdn2.adtng.com

ocsp.pki.goog

stats.g.doubleclick.net

www.google.de

ocsp.msocsp.com

How to determine Win32/Kryptik.HEHA?


File Info:
crc32: 6925BB40
md5: 607dea236ee8d5aab9e686c515fa6fe8
name: tmpemmk7ozj
sha1: 99a4c2185c31bd0c78e5e980794ce4aa362b204f
sha256: 3f2e27a472984cb2afe27330d528b95804e752e9a9f644f0ff7fc578b92eeba7
sha512: c221e70c00eb4b0dc6136302aa3b732f8875a689995020fa742f076eee1039e373b2dee664faee61110504103c3b7f733e6d7f4d7c8ecc35dff3120057df3b20
ssdeep: 3072:5K23OePLrwuS2jRr+5z+30PMESdhStxOkeoaIW/fEoZvPP2IbRIEXKE0caN5:g2tVSGr+z+C6dkt0PBBZvPzbSn3XN5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalSurname: edsgkphvesv.ixe
FileVersion: 1.2.0.1
Copyrighd: Copyrighd (C) 2020, odfgbjv
ProductVersion: 1.0.4.4
Translation: 0x0842 0x04c4

Win32/Kryptik.HEHA also known as:

Bkav	W32.AIDetectVM.malwareA
MicroWorld-eScan	Trojan.GenericKD.34058023
FireEye	Generic.mg.607dea236ee8d5aa
ALYac	Trojan.GenericKD.34058023
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0053d5971 )
BitDefender	Trojan.GenericKD.34058023
K7GW	Trojan ( 0053d5971 )
CrowdStrike	win/malicious_confidence_80% (D)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
GData	Trojan.GenericKD.34058023
Kaspersky	Backdoor.Win32.Androm.ucds
Rising	Malware.Heuristic!ET#92% (RDMK:cmRtazqP2l/H0Ss/n/Wxc4rX6FtL)
Ad-Aware	Trojan.GenericKD.34058023
Emsisoft	Trojan.GenericKD.34058023 (B)
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Trojan.dh
Ikarus	Trojan-Ransom.GandCrab
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D207AF27
ZoneAlarm	Backdoor.Win32.Androm.ucds
Microsoft	Trojan:Win32/Obfuscator.SL!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.MalPe.R341359
Acronis	suspicious
McAfee	Artemis!607DEA236EE8
MAX	malware (ai score=84)
Malwarebytes	Trojan.MalPack.GS
ESET-NOD32	a variant of Win32/Kryptik.HEHA
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Kryptik.HEHJ!tr
BitDefenderTheta	Gen:NN.ZexaF.34128.oq0@a47BveiG
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.85c31b
Avast	Win32:DropperX-gen [Drp]
Qihoo-360	HEUR/QVM10.1.1AA8.Malware.Gen

How to remove Win32/Kryptik.HEHA?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Kryptik.HEHA removal guide