Malware

Win32/Kryptik.HGHU removal

Malware Removal

The Win32/Kryptik.HGHU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/Kryptik.HGHU virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine Win32/Kryptik.HGHU?


File Info:

name: 08CD7EBCAD6B60852971.mlw
path: /opt/CAPEv2/storage/binaries/148e5e01def3d0ffcad7615b15224e7e005e5bdaf67c7e11f7ffd38d850d60e0
crc32: FE689781
md5: 08cd7ebcad6b608529710dec8a2fa52f
sha1: 0a209537a9cefc9991d4be2769a175967c0e40e9
sha256: 148e5e01def3d0ffcad7615b15224e7e005e5bdaf67c7e11f7ffd38d850d60e0
sha512: 7cdbb2938db088bd5114dedba6f08c73ce39719f53d70e245f29346cc9c857b844772a1d8a33a4068e5f7dc54bdc65ff41cb7c14696bf687f44efabf09dccae9
ssdeep: 98304:+Gl1e1xF1pq0fbXKHALoHKe4oSFcrCiSsJ0+z:+GOWiXKgsHpqCCiSE02
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19906332499C1D5BAC85225B0F07AD7D702F67C32A1F0D10B7662FA5ADCF42C93E25B1A
sha3_384: c11def237babd7a7ef65c9a9d403a0afd2ffc7a5adfbb25d2307599385422a82c0a6c814a6422b60e307b0129477fd8e
ep_bytes: e8333f0000e978feffffa16018b10056
timestamp: 2020-03-26 03:31:02

Version Info:

FileV: 44.0.0.55
Translations: 0x0119 0x0795

Win32/Kryptik.HGHU also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.AntiAV.4!c
tehtrisGeneric.Malware
MicroWorld-eScanTrojan.Autoruns.GenericKDS.43878209
McAfeeLockbit-FSUC!08CD7EBCAD6B
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0056eb191 )
AlibabaTrojan:Win32/Cryptinject.62890475
K7GWTrojan ( 0056eb191 )
Cybereasonmalicious.cad6b6
CyrenW32/Kryptik.CWS.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.HGHU
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Packed.Generickdz-9769553-0
KasperskyHEUR:Trojan.Win32.AntiAV.gen
BitDefenderTrojan.Autoruns.GenericKDS.43878209
NANO-AntivirusTrojan.Win32.AntiAV.hvwpjp
AvastWin32:TrojanX-gen [Trj]
TencentWin32.Trojan.Kryptik.Hpl
Ad-AwareTrojan.Autoruns.GenericKDS.43878209
EmsisoftTrojan.Autoruns.GenericKDS.43878209 (B)
ComodoMalware@#8hxm7wiljd7l
F-SecureHeuristic.HEUR/AGEN.1224023
DrWebTrojan.Siggen10.28443
ZillyaTrojan.Kryptik.Win32.2564545
TrendMicroTROJ_GEN.R002C0DDC22
McAfee-GW-EditionBehavesLike.Win32.Emotet.wc
FireEyeGeneric.mg.08cd7ebcad6b6085
SophosMal/Generic-S
IkarusTrojan.Win32.Azorult
GDataTrojan.Autoruns.GenericKDS.43878209
JiangminTrojan.AntiAV.dhx
WebrootW32.Trojan.Gen
AviraHEUR/AGEN.1224023
Antiy-AVLTrojan/Win32.AntiAV
KingsoftWin32.Troj.Undef.(kcloud)
ArcabitTrojan.Bandit
ZoneAlarmHEUR:Trojan.Win32.AntiAV.gen
MicrosoftTrojan:Win32/Cryptinject!MTB
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.Generic.C4198970
Acronissuspicious
ALYacTrojan.Autoruns.GenericKDS.43878209
MAXmalware (ai score=80)
VBA32BScope.Trojan.Wacatac
MalwarebytesTrojan.MalPack.GS
TrendMicro-HouseCallTROJ_GEN.R002C0DDC22
RisingTrojan.Kryptik!1.CBE0 (CLASSIC)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/CoinMiner.ESPK!tr
AVGWin32:TrojanX-gen [Trj]
PandaTrj/Agent.APP
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HGHU?

Win32/Kryptik.HGHU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment