Malware

Win32/Kryptik.HMNL removal guide

Malware Removal

The Win32/Kryptik.HMNL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/Kryptik.HMNL virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Tswana
  • The binary likely contains encrypted or compressed data.
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

telete.in
apps.identrust.com

How to determine Win32/Kryptik.HMNL?


File Info:

crc32: 5969AB86
md5: 4b4c6166d1280c6b5c3c7c7092d82b09
name: 4B4C6166D1280C6B5C3C7C7092D82B09.mlw
sha1: 9abbe3b7f7e6645d62f3daffb83971e2a1df2009
sha256: 0e221e274852f6d0ed97027e993db9143aca3c94c4a9ea9df4aff3110fb61a95
sha512: 7930c42375d4ebe1b1c55cd7fd964fe527e83610536fed5eda403d07aeda35601723c738f8e180fed7bb7cba1bfc7346ba98b2c4a88a5899588c2056f829b9fb
ssdeep: 12288:tZAGHQBH243Thx4NW92OdCvNH6ViroZA:thHQQihx4MwV60Z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: sojbmoeminu.ihe
ProductVersion: 8.19.590.38
Copyright: Copyrighz (C) 2021, fudkagata
Translation: 0x0129 0x0171

Win32/Kryptik.HMNL also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
ALYacTrojan.GenericKD.46988797
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
K7GWTrojan ( 005827a11 )
K7AntiVirusTrojan ( 005827a11 )
CyrenW32/Kryptik.EWJ.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HMNL
APEXMalicious
AvastWin32:MalwareX-gen [Trj]
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Zenpak.gen
BitDefenderTrojan.GenericKD.46988797
MicroWorld-eScanTrojan.GenericKD.46988797
Ad-AwareTrojan.GenericKD.46988797
SophosML/PE-A
Comodo.UnclassifiedMalware@0
BitDefenderThetaGen:NN.ZexaF.34142.Dq0@a8JO95fO
TrendMicroTROJ_FRS.0NA103IJ21
McAfee-GW-EditionBehavesLike.Win32.Lockbit.gc
FireEyeGeneric.mg.4b4c6166d1280c6b
EmsisoftTrojan.GenericKD.46988797 (B)
SentinelOneStatic AI – Malicious PE
AviraTR/AD.StellarStealer.iynlx
eGambitUnsafe.AI_Score_93%
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftTrojan:Win32/Azorult.FW!MTB
ArcabitTrojan.Generic.D2CCFDFD
GDataTrojan.GenericKD.46988797
Acronissuspicious
McAfeePacked-GDV!4B4C6166D128
MAXmalware (ai score=80)
MalwarebytesTrojan.MalPack.GS
PandaTrj/GdSda.A
TrendMicro-HouseCallTROJ_FRS.0NA103IJ21
RisingTrojan.Kryptik!1.D977 (CLASSIC)
IkarusGen.Variant.Refroso
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.EWJ!tr
AVGWin32:MalwareX-gen [Trj]

How to remove Win32/Kryptik.HMNL?

Win32/Kryptik.HMNL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment