
Should I remove “Win32/Kryptik.HKUF”?

Malware Removal

Win32/Kryptik.HKUF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HKUF virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Czech
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Win32/Kryptik.HKUF?

File Info:

name: A7B20385895E976BD536.mlw
path: /opt/CAPEv2/storage/binaries/e186f65cc9527021c2ebe25a1202285b4bc66e9c40c87fc1dae4b102e7475f77
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-10-11 02:33:46

Version Info:

FileVers: 7.0.4.54
ProductVers: 7.0.21.21
InternalNames: galimatimat
LegalCopyrighd: Jdfgl sfd
Translations: 0x0169 0x20bb

Win32/Kryptik.HKUF also known as:

  • Bkav: W32.AIDetect.malware1
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKDZ.75058
  • FireEye: Generic.mg.a7b20385895e976b
  • McAfee: Packed-GBF!A7B20385895E
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0056f9be1 )
  • K7GW: Trojan ( 0056f9be1 )
  • CrowdStrike: win/malicious_confidence_90% (W)
  • Cyren: W32/Kryptik.EAT.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.HKUF
  • APEX: Malicious
  • ClamAV: Win.Malware.Generic-9860028-0
  • Kaspersky: HEUR:Trojan.Win32.Agent.pef
  • BitDefender: Trojan.GenericKDZ.75058
  • NANO-Antivirus: Trojan.Win32.Smokeloader.ivfrit
  • Avast: Win32:MalwareX-gen [Trj]
  • Ad-Aware: Trojan.GenericKDZ.75058
  • Sophos: Mal/Generic-R + Troj/PWS-CLT
  • F-Secure: Heuristic.HEUR/AGEN.1143214
  • DrWeb: Trojan.Siggen13.23313
  • TrendMicro: Ransom.Win32.STOP.SMYXBGS
  • McAfee-GW-Edition: BehavesLike.Win32.Emotet.fh
  • Emsisoft: Trojan.GenericKDZ.75058 (B)
  • Ikarus: Trojan.Win32.Crypt
  • GData: Win32.Trojan-Downloader.SmokeLoader.IR0SYR
  • Jiangmin: Trojan.Generic.gwtml
  • eGambit: Unsafe.AI_Score_94%
  • Avira: HEUR/AGEN.1143214
  • MAX: malware (ai score=85)
  • Microsoft: Trojan:Win32/Arkeistealer.RMB!MTB
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: CoinMiner/Win.Glupteba.R419932
  • Acronis: suspicious
  • BitDefenderTheta: Gen:NN.ZexaF.34114.wyW@amkmfppO
  • ALYac: Trojan.GenericKDZ.75058
  • VBA32: BScope.Trojan.AET.281105
  • Malwarebytes: Trojan.MalPack
  • Rising: Malware.Heuristic!ET#97% (RDMK:cmRtazpG2z3gCBanusUgwd5uXbC6)
  • Yandex: Trojan.Agent!CvpfFYMiS5Q
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Kryptik.EAT!tr
  • AVG: Win32:MalwareX-gen [Trj]
  • Cybereason: malicious.e52898

How to remove Win32/Kryptik.HKUF?

Win32/Kryptik.HKUF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
