What is “Win32/Kryptik.HHKL”?

Win32/Kryptik.HHKL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HHKL virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Unconventional language used in binary resources: Hebrew
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to determine Win32/Kryptik.HHKL?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Kryptik.HHKL also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.71436
FireEye: Generic.mg.82aab9d98bf588f9
McAfee: GenericRXMQ-KD!82AAB9D98BF5
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 005732fe1 )
BitDefender: Trojan.GenericKDZ.71436
K7GW: Trojan ( 005732fe1 )
Cybereason: malicious.71ec94
Cyren: W32/Qakbot.AD.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:DangerousSig [Trj]
ClamAV: Win.Malware.Wacatac-9791842-0
Kaspersky: HEUR:Trojan-Banker.Win32.Qbot.vho
NANO-Antivirus: Virus.Win32.Gen.ccmw
Rising: Trojan.Kryptik!8.8 (TFE:5:H7NPRwayHYU)
Ad-Aware: Trojan.GenericKDZ.71436
Sophos: Mal/EncPk-APW
DrWeb: Trojan.QakBot.43
Invincea: Mal/EncPk-APW
McAfee-GW-Edition: BehavesLike.Win32.Downloader.fh
Emsisoft: MalCert.A (A)
Ikarus: Backdoor.QBot
MAX: malware (ai score=89)
Microsoft: Trojan:Win32/Qakbot.CS!cert
Arcabit: Trojan.Generic.D1170C
SUPERAntiSpyware: Trojan.Agent/Gen-Small[N]
ZoneAlarm: HEUR:Trojan-Banker.Win32.Qbot.vho
GData: Win32.Trojan.PSE.1U5WYQ6
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Wacatac.C4224042
BitDefenderTheta: Gen:NN.ZexaF.34634.vuX@aWru@FfG
VBA32: Malware-Cryptor.General.3
Malwarebytes: Trojan.MalPack
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.HHKL
SentinelOne: Static AI – Malicious PE
eGambit: PE.Heur.InvalidSig
Fortinet: W32/GenCBL.JN!tr
AVG: Win32:DangerousSig [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM19.1.5984.Malware.Gen

How to remove Win32/Kryptik.HHKL?

Win32/Kryptik.HHKL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.