Win32/Kryptik.HHYV removal


Win32/Kryptik.HHYV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the TRIAL period.
A 6-day free trial is available.

What can the Win32/Kryptik.HHYV virus do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:32767, 127.0.0.1:32768
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Queries information on disks, possibly for anti-virtualization
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
api.ipify.org
time-a.nist.gov
time-a-g.nist.gov
time.nist.gov
a.tomx.xyz

How to identify Win32/Kryptik.HHYV?

File Info:

crc32: 25D0F3DE
md5: e08abfaa3f43ee68221fe4c21b9a0ea6
name: E08ABFAA3F43EE68221FE4C21B9A0EA6.mlw
sha1: 5092275c94bb50bfe326ffbe22a56aab5746b739
sha256: 4f0784440bee1fc6002827cdc1b6663add2f111e3294cededd202443abb9f07d
sha512: dc7181f47541ad3e323baba9f763a5a0e315450b59b04d894835a25f5c074e2ab8fdd4170c83ae7c5c025861a206e553bcc77169bb76eb32fd098685954f57c9
ssdeep: 12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWG:pjOMtd1a/yl3KOjj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997-2017 Simon Tatham.
InternalName: PSFTP
FileVersion: Release 0.68
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.68
FileDescription: Command-line interactive SFTP client
OriginalFilename: PSFTP
Translation: 0x0809 0x04b0

Win32/Kryptik.HHYV is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005746321 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Banker1.36839
Cynet: Malicious (score: 100)
CAT-QuickHeal: Backdoor.Konus
ALYac: Trojan.Mint.Zamg.O
Cylance: Unsafe
Zillya: Trojan.Qshell.Win32.5
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 005746321 )
Cybereason: malicious.a3f43e
Cyren: W32/Trojan.SNHH-0017
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHYV
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: VHO:Backdoor.Win32.Androm.gen
BitDefender: Trojan.Mint.Zamg.O
NANO-Antivirus: Trojan.Win32.Qshell.idhocd
MicroWorld-eScan: Trojan.Mint.Zamg.O
Tencent: Malware.Win32.Gencirc.10ceac0b
Ad-Aware: Trojan.Mint.Zamg.O
Sophos: ML/PE-A + Mal/EncPk-APV
BitDefenderTheta: Gen:NN.ZexaF.34126.Jy1@aeoJo!hi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hh
FireEye: Generic.mg.e08abfaa3f43ee68
Emsisoft: Trojan.Mint.Zamg.O (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Qshell.id
Avira: TR/Crypt.Agent.mfbto
Antiy-AVL: Trojan/Generic.ASMalwS.3107576
Microsoft: Trojan:Win32/Dridex.NA!MTB
GData: Trojan.Mint.Zamg.O
TACHYON: Backdoor/W32.Androm.579594
AhnLab-V3: Trojan/Win.Dridex.R432381
Acronis: suspicious
McAfee: GenericRXPM-KH!E08ABFAA3F43
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Jorik
Malwarebytes: Trojan.MalPack.VAK
Panda: Trj/GdSda.A
Rising: Trojan.Generic@ML.87 (RDML:L0WEhjKO5u1x5cRjbyJAow)
Yandex: Trojan.Qshell!f4LpkobODOY
Fortinet: W32/Kryptik.HIJR!tr
AVG: Win32:PWSX-gen [Trj]

How to remove Win32/Kryptik.HHYV?

Win32/Kryptik.HHYV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
