What is “Win32/Kryptik.HIMX”?

Malware Removal

Win32/Kryptik.HIMX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HIMX virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Unconventional language used in binary resources: Norwegian (Nynorsk)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Kryptik.HIMX?

File Info:

name: A3CC99FFE20D6456EF6B719B1BFF9677.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

InternalName: triwilbifor.acs
FileVersion: 6.26.361
Copyright: Copyrighz (C) 2020, vodkafulk
ProductVersion: 1.0.15
TranslationUsa: 0x0273 0x053a

Win32/Kryptik.HIMX also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35976867
McAfee: RDN/GenericM
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.35976867
K7GW: Riskware ( 0040eff71 )
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Mokes.alru
Alibaba: Backdoor:Win32/Mokes.0c29793f
ViRobot: Trojan.Win32.Z.Malpack.212480
AegisLab: Trojan.Multi.Generic.4!c
Tencent: Win32.Backdoor.Mokes.Lnei
Ad-Aware: Trojan.GenericKD.35976867
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1140248
TrendMicro: TROJ_GEN.R011C0DA521
McAfee-GW-Edition: BehavesLike.Win32.Trojan.dc
Emsisoft: Trojan.GenericKD.35976867 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1140248
MAX: malware (ai score=84)
Microsoft: Trojan:Win32/Azorult.FW!MTB
Gridinsoft: Trojan.Win32.Packed.oa
ZoneAlarm: Backdoor.Win32.Mokes.alru
GData: Trojan.GenericKD.35976867
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Chapak.C4288603
VBA32: BScope.Exploit.Shellcode
ALYac: Trojan.GenericKD.35976867
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.HIMX
TrendMicro-HouseCall: TROJ_GEN.R011C0DA521
Rising: Trojan.Kryptik!1.CFEE (CLASSIC)
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.HIFA!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.mmKfaCnlNDmG
AVG: Win32:DropperX-gen [Drp]
Avast: Win32:DropperX-gen [Drp]
Qihoo-360: Generic/HEUR/QVM11.1.5757.Malware.Gen

How to remove Win32/Kryptik.HIMX?

Win32/Kryptik.HIMX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.