Categories: Malware

What is “Win32/Kryptik.HIMX”?

The Win32/Kryptik.HIMX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HIMX virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process created a hidden window
Unconventionial language used in binary resources: Norwegian (Nynorsk)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a process and injected code into it, probably while unpacking
Detects Sandboxie through the presence of a library
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Win32/Kryptik.HIMX?


File Info:
crc32: C67EF5AFmd5: a3cc99ffe20d6456ef6b719b1bff9677name: A3CC99FFE20D6456EF6B719B1BFF9677.mlwsha1: 30b001d6136e6030b8e7fb39e268cc11c4d200basha256: 4c7664a68fcdd8cb22c77a67e87bab0f379069e0fadcbd25e508b487844b9a9bsha512: 5996ce48b3b6910b51f9d05e38c0e47fa064d95bab6ddaf8e8bd76c5a47f8e2dce7c40e1b7af1fd002d6a4918279e3a8561213c0f541cf96aa473334b77409f5ssdeep: 3072:OXOPA4lenmBjUcDqui7bCsuxVKjG4BbxhtOjSra5L4EotqbWx/SXbnAmT:kOPAAenmlUoK7bZjGgzUjLkbqfXjAmTtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalName: triwilbifor.acsFileVersion: 6.26.361Copyright: Copyrighz (C) 2020, vodkafulkProductVersion: 1.0.15TranslationUsa: 0x0273 0x053a

Win32/Kryptik.HIMX also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.35976867
McAfee	RDN/GenericM
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.35976867
K7GW	Riskware ( 0040eff71 )
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Mokes.alru
Alibaba	Backdoor:Win32/Mokes.0c29793f
ViRobot	Trojan.Win32.Z.Malpack.212480
AegisLab	Trojan.Multi.Generic.4!c
Tencent	Win32.Backdoor.Mokes.Lnei
Ad-Aware	Trojan.GenericKD.35976867
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1140248
TrendMicro	TROJ_GEN.R011C0DA521
McAfee-GW-Edition	BehavesLike.Win32.Trojan.dc
Emsisoft	Trojan.GenericKD.35976867 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1140248
MAX	malware (ai score=84)
Microsoft	Trojan:Win32/Azorult.FW!MTB
Gridinsoft	Trojan.Win32.Packed.oa
ZoneAlarm	Backdoor.Win32.Mokes.alru
GData	Trojan.GenericKD.35976867
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Chapak.C4288603
VBA32	BScope.Exploit.Shellcode
ALYac	Trojan.GenericKD.35976867
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HIMX
TrendMicro-HouseCall	TROJ_GEN.R011C0DA521
Rising	Trojan.Kryptik!1.CFEE (CLASSIC)
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.HIFA!tr
BitDefenderTheta	Gen:NN.ZexaF.34742.mmKfaCnlNDmG
AVG	Win32:DropperX-gen [Drp]
Avast	Win32:DropperX-gen [Drp]
Qihoo-360	Generic/HEUR/QVM11.1.5757.Malware.Gen