Should I remove "Win32/Kryptik.HNKV"?

The Win32/Kryptik.HNKV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HNKV virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Spanish (Panama)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Steals private information from local Internet browsers
Attempts to modify proxy settings
Harvests cookies for information gathering

Related domains:

wpad.local-net

advanceddiplomaaviation.com

How to determine Win32/Kryptik.HNKV?


File Info:
name: A5360AE91346E90F25E3.mlw
path: /opt/CAPEv2/storage/binaries/d931fab4f34f6d028837e9846db16abd2ba7f9274bafcbcab696cd002c79e771
crc32: A9D6E65A
md5: a5360ae91346e90f25e3a67b507695ff
sha1: b36add4501ede312be9ee27b68d85826d0b9ec94
sha256: d931fab4f34f6d028837e9846db16abd2ba7f9274bafcbcab696cd002c79e771
sha512: 3cbe5bda37c834b34ec4f84f6ca7a32787533c45e3793d21005e0db2d7b633fefd8fe3ede48abbc683112ce425785adabb51c2527fec31081599539fd2eef4c7
ssdeep: 6144:2Z/v33oI+eSL2g730g3ebfH3MIup+Nlzcca:i/vHoxdP730g3eLHop+0ca
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115648E10B7A0C435F2B717F858B5D3A9693FBDE16B24D0CB229126E99639AE0DD30347
sha3_384: df2a3745de84aa94e577e92ac37d23fa305cfa5562781930254da7d4cbec8de5aa905610952d7115e8235d34ab9b9472
ep_bytes: 8bff558bece806030000e8110000005d
timestamp: 2021-05-27 18:47:22

Version Info:
0: [No Data]

Win32/Kryptik.HNKV also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Jaik.49513
FireEye	Generic.mg.a5360ae91346e90f
CAT-QuickHeal	Trojan.Sabsik
McAfee	Artemis!A5360AE91346
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0058a5a11 )
Alibaba	Malware:Win32/km_24af8.None
K7GW	Trojan ( 0058a5a11 )
Cybereason	malicious.501ede
Baidu	Win32.Trojan.Kryptik.jm
Cyren	W32/Kryptik.FQI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNKV
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender	Gen:Variant.Jaik.49513
Avast	Win32:BotX-gen [Trj]
Ad-Aware	Gen:Variant.Jaik.49513
Emsisoft	Trojan.Crypt (A)
DrWeb	Trojan.Siggen15.51528
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Jaik.49513
Avira	TR/Kryptik.xnbnh
MAX	malware (ai score=99)
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Azorult.RMA!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Ransomware/Win.Stop.R452790
Acronis	suspicious
VBA32	BScope.Trojan.Krypter
ALYac	Gen:Variant.Jaik.49513
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	TROJ_GEN.R002H07KO21
Rising	Malware.Obscure/Heur!1.A89F (CLASSIC)
Ikarus	Trojan.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FSC!tr
AVG	Win32:BotX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32/Kryptik.HNKV?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Win32/Kryptik.HNKV”?