
Win32/Kryptik.HJOD removal


Win32/Kryptik.HJOD is flagged as dangerous by many security vendors. The Kryptik name is ESET's generic detection for packed or obfuscated executables; Microsoft's detection name for the same file (Trojan:Win32/Azorult.FW!MTB, see the detection list below) ties it to the Azorult family. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HJOD virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Slovak
  • The binary likely contains encrypted or compressed data.
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

iplogger.org
paperships.top
ip-api.com

How to identify Win32/Kryptik.HJOD?

File Info:

crc32: 159A1B65
md5: 261c407d9ac3278aa6b6b9ca25da8655
name: 261C407D9AC3278AA6B6B9CA25DA8655.mlw
sha1: b726592417603bba98ec0092f88883d163c4a1eb
sha256: eea78d5bbe6b4c72122ec6b0e41aaacf0fd8b4b6c50bc65404af8e362e49c6d6
sha512: 342a4382ba720bdb4ade7d8af3ef96fd3f3b609fc11fabbd23c029ee6faf5f42144e9bad8839092999344955d6ed9c035bc8d94f4e0c39c1f0cbbf0a595494dc
ssdeep: 12288:LwgQQ+T3ueJVOAiICRiel435nHQiAoPK/fKFN2:Lb+T+eJMbIC9KHNPK/s2
type: PE32 executable (GUI) Intel 80386, for MS Windows
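The hashes above and the related domains listed earlier are the indicators a responder actually checks for. The script below is an added example (it is not GridinSoft's tooling and not code from this page): it hashes a suspect file in the same formats the page lists and reports which digests match, and it scans DNS-style log lines for the three related domains, matching on whole labels so that look-alike names such as notiplogger.org do not count. The log lines and the sample bytes it uses are constructed for the example. Two caveats: an exact hash match only proves the file is this very build, and because Kryptik denotes a packed sample other builds of the same payload will hash differently (the page's ssdeep value exists for that fuzzy comparison, which needs a separate ssdeep library and is not done here); and ip-api.com and iplogger.org are public services that legitimate software also queries, so a hit on them is a lead, not proof, while the remaining domain is not a well-known public service and is the stronger indicator.

```python
"""Added IOC triage example for this page (not GridinSoft's tooling).

Two checks a responder would run against the indicators above:
  1. hash a suspect file and compare it with the page's file hashes;
  2. scan DNS/proxy log lines for the page's related domains.
The log lines and sample bytes below are constructed for the example.
"""
import hashlib
import re
import zlib
from typing import Dict, List, Set, Tuple

# Hashes copied from the "File Info" section of this page.
KRYPTIK_HJOD_HASHES: Dict[str, str] = {
    "crc32": "159A1B65",
    "md5": "261c407d9ac3278aa6b6b9ca25da8655",
    "sha1": "b726592417603bba98ec0092f88883d163c4a1eb",
    "sha256": "eea78d5bbe6b4c72122ec6b0e41aaacf0fd8b4b6c50bc65404af8e362e49c6d6",
    "sha512": "342a4382ba720bdb4ade7d8af3ef96fd3f3b609fc11fabbd23c029ee6faf5f42"
              "144e9bad8839092999344955d6ed9c035bc8d94f4e0c39c1f0cbbf0a595494dc",
}

# Domains from the "Related domains" section of this page.
RELATED_DOMAINS: Tuple[str, ...] = ("iplogger.org", "paperships.top", "ip-api.com")


def compute_digests(data: bytes) -> Dict[str, str]:
    """Digest set in the page's format: CRC32 as 8 upper-case hex digits, the rest lower-case."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_hash_iocs(data: bytes, iocs: Dict[str, str] = KRYPTIK_HJOD_HASHES) -> Set[str]:
    """Names of the digests that equal the IOC set; an empty set means no match.
    Hex case is normalised because vendors print it either way."""
    digests = compute_digests(data)
    return {name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()}


def match_file(path: str, iocs: Dict[str, str] = KRYPTIK_HJOD_HASHES) -> Set[str]:
    """Same check for a file on disk (sample PEs are small enough to read whole)."""
    with open(path, "rb") as fh:
        return match_hash_iocs(fh.read(), iocs)


# Bare hostnames in a log line: labels of [A-Za-z0-9-] joined by dots, not embedded
# in a longer token. Assumption: the log carries the queried name as its own field.
_HOST_RE = re.compile(r"(?<![\w.-])([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)(?![\w-])")


def find_domain_hits(log_lines: List[str],
                     domains: Tuple[str, ...] = RELATED_DOMAINS) -> List[Tuple[int, str, str]]:
    """(line number, hostname, matched IOC) for each hostname that is a related domain
    or a subdomain of one. Matching is on whole labels, so 'notiplogger.org' and
    'ip-api.com.evil.test' do not count."""
    hits: List[Tuple[int, str, str]] = []
    suffixes = tuple(d.lower() for d in domains)
    for lineno, line in enumerate(log_lines, start=1):
        for host in _HOST_RE.findall(line):
            h = host.lower().rstrip(".")
            for d in suffixes:
                if h == d or h.endswith("." + d):
                    hits.append((lineno, host, d))
    return hits


# Constructed log lines (not real telemetry), in a Sysmon DNS-event-like shape.
SAMPLE_LOG: List[str] = [
    "10:00:01 DnsQuery Image=C:\\Windows\\System32\\svchost.exe QueryName=time.windows.com",
    "10:00:07 DnsQuery Image=C:\\Users\\u\\AppData\\Roaming\\x.exe QueryName=ip-api.com",
    "10:00:09 DnsQuery Image=C:\\Users\\u\\AppData\\Roaming\\x.exe QueryName=cdn.paperships.top",
    "10:00:12 DnsQuery Image=C:\\Program Files\\App\\app.exe QueryName=notiplogger.org",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches:", sorted(match_file(path)) or "none")
    for lineno, host, ioc in find_domain_hits(SAMPLE_LOG):
        print(f"line {lineno}: {host} -> related domain {ioc}")
```

Run it with one or more file paths to hash them against the page's values; with no arguments it only scans the constructed log lines, which yields hits on the second and third lines (the direct ip-api.com query and the paperships.top subdomain) and none on the look-alike name in the fourth.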

Version Info:

0: [No Data]

Win32/Kryptik.HJOD also known as:

  • Bkav: W32.AIDetectGBM.malware.01
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKDZ.73097
  • FireEye: Generic.mg.261c407d9ac3278a
  • Qihoo-360: HEUR/QVM10.1.6A03.Malware.Gen
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0056f9be1 )
  • BitDefender: Trojan.GenericKDZ.73097
  • K7GW: Trojan ( 0056f9be1 )
  • Cybereason: malicious.417603
  • Cyren: W32/Kryptik.DHT.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.HJOD
  • APEX: Malicious
  • Avast: Win32:TrojanX-gen [Trj]
  • Ad-Aware: Trojan.GenericKDZ.73097
  • Emsisoft: Trojan.Crypt (A)
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
  • Sophos: Mal/Generic-S
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Azorult.FW!MTB
  • Arcabit: Trojan.Generic.D11D89
  • AhnLab-V3: Malware/Win32.Generic.C4341101
  • GData: Trojan.GenericKDZ.73097
  • Cynet: Malicious (score: 100)
  • Acronis: suspicious
  • McAfee: Packed-GDK!261C407D9AC3
  • MAX: malware (ai score=84)
  • Rising: Malware.Heuristic!ET#90% (RDMK:cmRtazp47bcv3v4n91iJkZPwiaob)
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/Kryptik.HJNV!tr
  • AVG: Win32:TrojanX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_60% (D)

How to remove Win32/Kryptik.HJOD?

Win32/Kryptik.HJOD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

Because this sample registers itself to run at Windows startup, check the startup entries after the reboot and confirm that no unknown program is still listed.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
