About “Win32/Kryptik.HGXX” infection

Malware Removal

Win32/Kryptik.HGXX is the ESET detection name for this sample. “Kryptik” is ESET's generic label for executables wrapped in a custom packer or obfuscator, so the name describes how the file is protected rather than what it does; several other engines in the list below identify the same file as the QakBot (Qbot) banking trojan, and nearly all of them flag it as malicious. When this infection is active, you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HGXX virus do?

The following behaviors were recorded when the sample was run in an analysis sandbox:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Possible date expiration check: exits too soon after checking the local time
  • A process attempted to delay the analysis task
  • A named pipe was used for inter-process communication
  • Repeatedly searches for a process that is not running (a sandbox hint that the sample may expect a browser, so the analysis may want the startbrowser=1 option)
  • A process created a hidden window
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic, likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

www.ip-adress.com

How to identify Win32/Kryptik.HGXX?

File Info:

crc32: 8A32E58C
md5: 5be36a39c830d72c184a39e19bf50011
name: upload_file
sha1: 1947e007296dd0cf4182faa278b65f44be54ede7
sha256: e187fbf6543d1993f0945c04ee520600b6493236bae169a020f9a10c547e249d
sha512: b563adca52a80c2b3be2d489a5105f421c79d495d5b6c43b780b08ec65603c5c8df911efd90807791db7868c678fb452adf42cce68ac2c6d912865be5cd820ed
ssdeep: 6144:LXfc7Dv1eK98Dlbg6oiKd4LUvIKs4Vq9V+dxlnQ5qGDO:Lk7DNeK9ypu4YvC4GM25q4O
type: PE32 executable (GUI) Intel 80386, for MS Windows
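To check whether a file on disk is this sample, recompute the hashes above and confirm the file type from the PE headers. The script below is an added example (Python; not code from the original page or from GridinSoft) that computes the crc32, md5, sha1, sha256 and sha512 values listed in File Info, compares them against the file, and classifies the PE headers the way the page's "type" line does. It uses the standard library only, so the ssdeep fuzzy hash is not recomputed (that needs the third-party ssdeep package). The `build_minimal_pe_headers` helper produces constructed header bytes for exercising the parser; they are not the sample and not a loadable executable.

```python
"""Added example: recompute the File Info hashes for a suspect file and confirm
its PE type. Standard library only; ssdeep is not recomputed here."""
import hashlib
import struct
import sys
import zlib
from typing import Dict, List, Optional

# Hashes copied from the File Info section of this page (lowercase hex).
KNOWN_HASHES = {
    "crc32": "8a32e58c",
    "md5": "5be36a39c830d72c184a39e19bf50011",
    "sha1": "1947e007296dd0cf4182faa278b65f44be54ede7",
    "sha256": "e187fbf6543d1993f0945c04ee520600b6493236bae169a020f9a10c547e249d",
    "sha512": ("b563adca52a80c2b3be2d489a5105f421c79d495d5b6c43b780b08ec65603c5c"
               "8df911efd90807791db7868c678fb452adf42cce68ac2c6d912865be5cd820ed"),
}

# PE/COFF constants for the fields the classification needs.
MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
MAGICS = {0x010B: "PE32", 0x020B: "PE32+"}
SUBSYSTEMS = {2: "GUI", 3: "console"}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return the same five hashes the page lists, as lowercase hex strings."""
    return {
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_iocs(data: bytes) -> List[str]:
    """Names of the listed hashes that `data` matches; an empty list means no match."""
    got = compute_hashes(data)
    return [name for name, want in KNOWN_HASHES.items() if got[name] == want]


def describe_pe(data: bytes) -> Optional[str]:
    """Classify a PE image like the page's 'type' line
    ('PE32 executable (GUI) Intel 80386, for MS Windows'); None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)   # COFF Machine
    opt = e_lfanew + 24                                           # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)                # PE32 / PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)       # Subsystem field
    bits = MAGICS.get(magic)
    if bits is None:
        return None
    arch = MACHINES.get(machine, "machine 0x%04x" % machine)
    sub = SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem)
    return "%s executable (%s) %s, for MS Windows" % (bits, sub, arch)


def build_minimal_pe_headers(machine: int = 0x014C, magic: int = 0x010B,
                             subsystem: int = 2) -> bytes:
    """Constructed test data: just enough header bytes to exercise describe_pe().
    This is not the sample and not a loadable executable."""
    e_lfanew = 0x80
    hdr = bytearray(b"MZ" + b"\0" * 0x3A)          # DOS header up to e_lfanew
    hdr += struct.pack("<I", e_lfanew)              # e_lfanew at offset 0x3C
    hdr += b"\0" * (e_lfanew - len(hdr))            # DOS stub padding
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                            # IMAGE_OPTIONAL_HEADER32 size
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(hdr + opt)


def check_file(path: str) -> None:
    """Print the hash set, the PE type and any IOC match for a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    for name, value in compute_hashes(data).items():
        print("%-7s %s" % (name + ":", value))
    print("type:   %s" % (describe_pe(data) or "not a PE file"))
    hits = matching_iocs(data)
    print("IOC match: %s" % (", ".join(hits) if hits else "none"))


if __name__ == "__main__":
    if len(sys.argv) == 2:
        check_file(sys.argv[1])
    else:
        print(describe_pe(build_minimal_pe_headers()))
```

Run it as `python check_sample.py <path>` against the quarantined file. A match on sha256 is the decisive one; crc32 and md5 alone are weak identifiers, and a repacked build of the same family will match none of them, which is why the detection names below matter more than any single hash.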

Version Info:

[No Data] (the file carries no version resource)

Win32/Kryptik.HGXX also known as:

Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.Wacatac
McAfee: W32/PinkSbot-HH!5BE36A39C830
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
CrowdStrike: win/malicious_confidence_60% (W)
BitDefender: Gen:Heur.Mint.SP.Azorult.1
K7GW: Trojan ( 005718d21 )
K7AntiVirus: Trojan ( 005718d21 )
Arcabit: Trojan.Mint.SP.Azorult.1
Invincea: Mal/Generic-S + Mal/EncPk-APV
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
Alibaba: Trojan:Win32/GenCBL.9348eb4e
MicroWorld-eScan: Gen:Heur.Mint.SP.Azorult.1
Rising: Trojan.Crypto!8.364 (TFE:2:lGpISJAuUHN)
Ad-Aware: Gen:Heur.Mint.SP.Azorult.1
Emsisoft: MalCert.A (A)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.QakBot.11
TrendMicro: TROJ_FRS.0NA103JL20
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
FireEye: Generic.mg.5be36a39c830d72c
Sophos: Mal/EncPk-APV
SentinelOne: DFI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=87)
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Microsoft: Trojan:Win32/QakBot.GM!MTB
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Gen:Heur.Mint.SP.Azorult.1
AhnLab-V3: Trojan/Win32.Wacatac.R353527
ALYac: Trojan.Agent.QakBot
VBA32: Malware-Cryptor.Bambarbiya
Malwarebytes: Backdoor.Qbot
Panda: Trj/Agent.AJS
ESET-NOD32: a variant of Win32/Kryptik.HGXX
TrendMicro-HouseCall: TROJ_FRS.0NA103JL20
Yandex: Trojan.GenKryptik!
Ikarus: Trojan.Win32.Gencbl
Fortinet: W32/Kryptik.HGXH!tr
AVG: FileRepMetagen [Malware]
Cybereason: malicious.7296dd
Qihoo-360: Generic/HEUR/QVM20.1.B96F.Malware.Gen

How to remove Win32/Kryptik.HGXX?

Win32/Kryptik.HGXX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
