
Win32/Kryptik.HNMI removal instructions


Win32/Kryptik.HNMI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HNMI virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Kryptik.HNMI?


File Info:

name: C2CF76E5DCDFBEA6AC06.mlw
path: /opt/CAPEv2/storage/binaries/2e9db54062b9b4c11893abe2916618da5eedd02ba073d2d1227c9b38822d98bd
crc32: AD1CD8E0
md5: c2cf76e5dcdfbea6ac06320d752dee82
sha1: 3bdded51f05eba09204d2730ef3cec9efb0e32fe
sha256: 2e9db54062b9b4c11893abe2916618da5eedd02ba073d2d1227c9b38822d98bd
sha512: bb9e0017012ef6f70f8c47cc2480b900457f893eab27a554fcd6c93bbf8d8b5772d295c618d46c94a8e9d3307f371bb89c2cf08f6b58ba05e14b272d346e1507
ssdeep: 24576:KGAPNpbW30GTBnlIyI6GIMmyEolIHmFoyE:KGMQXJl5IDIMmyEolI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF269B8B6E5C01DBD81D9E7591681782F7380A1E3E2983A761BE3D76CC406D37E93326
sha3_384: 0a96288d071a93ce922ae90c8a32f9dc1c04f47ae924d747f7841367d8c3210dd9aca7d8872126f66268adafaafdeb5a
ep_bytes: 8d403c8d52808d5a448d4a9c680a3f00
timestamp: 2021-11-23 03:23:53

Version Info:

FileVersion: 2, 1, 1, 3
Comments: Defalk
CompanyName: Star ForCe
InternalName: Undiscomposed
Streperous: Verberate
Crevalle: Anemometric
Argiopoidea: Pinjane
Warrantor: Wagonwright
Renderer: Consortion
Oversanguinely: Stonelayer
Endosiphon: Powderlike
Chondrosamine: Memnonian
Glycoprotein: Trigrammic
Unfixing: Linkable
Poohpoohist: Psittaceously
Catacorolla: Calycozoa
Prefeast: Infestant
Prelacrimal: Lycoperdaceous
Hyposcenium: Trichiniferous
Preplot: Earcap
Jailer: Bedgown
Fuglemanship: Anapanapa
Culm: Unobstinate
Unjealous: Bactericholia
Tandle: Atheisticalness
Lobulate: Untwist
Aminobenzamide: Landesite
Wolter: Chilina
Guesser: Quebrachine
Snowshoeing: Turbination
Septenniality: Repairableness
Nonexchangeable: Breedy
Sporange: Passamaquoddy
Extrazodiacal: Heliopora
Calking: Ostracean
Metaplasis: Squam
Henhearted: Undefilable
Melancholish: Quakerish
Diaplasma: Strikingly
Hawker: Cloistral
Blitum: Precapitalistic
Negroization: Shootman
Podostemonaceous: Unkoshered
Mortiferous: Tapu
Dele: Carangidae
Hyperdiapente: Ahum
Genual: Reheater
Sartorially: Anthropogony
Surcingle: Chromyl
Subaqueous: Quacksalver
Hirudiniculture: Afterfall
Algorism: Japetus
Earthborn: Mystagogy
Lavishly: Mousily
Cenacle: Dartoic
Underlet: Chiromyidae
Barbacou: Sheepify
Biflected: Pinless
Kulmet: Unamenability
Sothic: Chondrology
Grane: Unrealist
Terrestriality: Subscleral
Deepwater: Exteriorize
Perioophoritis: Antispace
Hockelty: Longirostrine
Unblent: Musicofanatic
LegalTrademarks: Intersomnious
OriginalFilename: Hyphal
PrivateBuild: Basidorsal
Translation: 0x0409 0x04e4

Win32/Kryptik.HNMI also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47479168
FireEye: Generic.mg.c2cf76e5dcdfbea6
ALYac: Trojan.GenericKD.47479168
Malwarebytes: Trojan.Banker
Zillya: Trojan.Kryptik.Win32.3632098
K7AntiVirus: Trojan ( 0058ad0a1 )
Alibaba: Trojan:Win32/Kryptik.aee42cb9
K7GW: Trojan ( 0058ad0a1 )
BitDefenderTheta: Gen:NN.ZexaF.34062.@@0@aOG1VLhi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNMI
TrendMicro-HouseCall: TROJ_GEN.R002C0WKQ21
Kaspersky: UDS:Trojan.Multi.GenericML.xnet
BitDefender: Trojan.GenericKD.47479168
ViRobot: Trojan.Win32.Z.Agent.4605440
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@ML.91 (RDMK:SxNlcRvVwefrAnFg8x3G9g)
Ad-Aware: Trojan.GenericKD.47479168
Sophos: Mal/Generic-S
Comodo: fls.noname@0
TrendMicro: TROJ_GEN.R002C0WKQ21
McAfee-GW-Edition: BehavesLike.Win32.Generic.rz
Emsisoft: Trojan.GenericKD.47479168 (B)
Ikarus: Trojan-Spy.Win32.CoinStealer
MAX: malware (ai score=84)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Trojan.GenericKD.47479168
Cynet: Malicious (score: 100)
McAfee: Artemis!C2CF76E5DCDF
VBA32: TrojanBanker.Agent
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: Malicious_Behavior.SB
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Win32/Kryptik.HNMI?

Win32/Kryptik.HNMI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
