Malware

About “Win32/Kryptik.HHTH” infection

Malware Removal

Win32/Kryptik.HHTH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What Win32/Kryptik.HHTH virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Iraq)
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information about installed applications
  • CAPE detected the DridexLoader malware family
  • Attempts to modify proxy settings

How to identify Win32/Kryptik.HHTH?

File Info:

name: AF07F6B1CAE10C9CEBA5.mlw
path: /opt/CAPEv2/storage/binaries/c895918c93a37ed1ffd64ad2a330524d8ab9cda8b2e1df4c7d15aeddabf625ac
crc32: C8CBF6E5
md5: af07f6b1cae10c9ceba565edee771190
sha1: 7a249ea41c5c12674ec16e93ea9e27f5b19b2e49
sha256: c895918c93a37ed1ffd64ad2a330524d8ab9cda8b2e1df4c7d15aeddabf625ac
sha512: 305a987ac3c0d8df45e4999b17fe3992b934db3526559ff106efd6faf30bf13add87396bcd40e3506b8ddd0d4f1ac6ad970cb09ed494a1f3c76527f9c91aa941
ssdeep: 12288:ih8VWwkjZvPgkKxUtrJIYtrJIFiLFPMdV4Fgw:a86pQUtF/tFmiJkdV4Kw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T145D40232EE9E89B3D41A2CF144BF7335B278E131271581A3FB924216DD3A7948F27526
sha3_384: 5179f5e145b791728638edb55c21daca8c8047284d0bcdbf3b363b6bace8923c7d14752db9ba0dcf4a01b73c3b445ba5
ep_bytes: 558bec83ec10c745fc00000000c745f8
timestamp: 2021-12-19 07:12:18

Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: aswChLic component
FileVersion: 17.3.3443.0
InternalName: aswChLic
LegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.
OriginalFilename: aswChLic.exe
ProductName: AVG Internet Security System
ProductVersion: 17.3.3443.0
Translation: 0x0009 0x04b0

Win32/Kryptik.HHTH also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Qshell.4!c
Elastic: malicious (high confidence)
McAfee: GenericRXRH-YP!AF07F6B1CAE1
Malwarebytes: Trojan.Downloader
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058ca201 )
Alibaba: Trojan:Win32/Qshell.a258e97b
K7GW: Trojan ( 0058ca201 )
Cybereason: malicious.1cae10
VirIT: Trojan.Win32.Genus.KZZ
Cyren: W32/ABRisk.UNJF-6725
ESET-NOD32: a variant of Win32/Kryptik.HHTH
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Qshell.kwq
BitDefender: Trojan.Androm.Gen.1
MicroWorld-eScan: Trojan.Androm.Gen.1
Rising: Trojan.Kryptik!1.D606 (CLASSIC)
Ad-Aware: Trojan.Androm.Gen.1
Sophos: ML/PE-A + Mal/EncPk-APV
DrWeb: Trojan.Dridex.735
Zillya: Trojan.Kryptik.Win32.3659068
McAfee-GW-Edition: BehavesLike.Win32.Emotet.jh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.af07f6b1cae10c9c
Emsisoft: Trojan.Androm.Gen.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDownloader.Cridex.aoj
Webroot: W32.Trojan.Dridex
Avira: TR/Crypt.ZPACK.Gen
Kingsoft: Win32.Troj.Qshell.k.(kcloud)
Microsoft: Trojan:Win32/Obfuscator.RT!MTB
Arcabit: Trojan.Androm.Gen.1
GData: Trojan.Androm.Gen.1
TACHYON: Trojan-Downloader/W32.Cridex.620032
AhnLab-V3: Trojan/Win.Generic.R459795
VBA32: BScope.Trojan-Spy.Zbot
ALYac: Trojan.Androm.Gen.1
MAX: malware (ai score=83)
Cylance: Unsafe
Panda: Trj/GdSda.A
Tencent: Malware.Win32.Gencirc.10cfd783
Ikarus: Trojan-Proxy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.FMFO!tr
BitDefenderTheta: Gen:NN.ZexaF.34712.Lq0@aeK4TCoO
AVG: Win32:BotX-gen [Trj]
Avast: Win32:BotX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HHTH?

Win32/Kryptik.HHTH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.