Win32/Kryptik.HNOV removal instructions

Malware Removal

Win32/Kryptik.HNOV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HNOV virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Macedonian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Kryptik.HNOV?

File Info:

name: B5E87D00002601EF5F4F.mlw
path: /opt/CAPEv2/storage/binaries/930771e26a4f5fbac9bfd7a77949896f0ca88ddba55ec10c5565f17d522ffdb8
crc32: 993839E5
md5: b5e87d00002601ef5f4f7617af642244
sha1: 3a6f5a1083bcf46f009d0a845042db8c8c00b5b0
sha256: 930771e26a4f5fbac9bfd7a77949896f0ca88ddba55ec10c5565f17d522ffdb8
sha512: 3373229646a852ab94aa093f315d50c1385c4e79d48150926c09b05192c1cc7b7a2a5a7b4730fb8cd7a3fafce0c9c80192a3747df889bfd0a1a9fc94e5ac77e4
ssdeep: 6144:v47JjNQS0wh7uS2mic+yiWzc8WyNGw4d3BolshrFMf:vQJf0wh7MmickWzc8xNAolsRFE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15174C00137C0C072D05629B68A25C7B14EBE74756A66AA8BBFCC1BB85F346D1DB3530E
sha3_384: 622689d0d24c9b583df836fe1c0291be4475a94714630dad731be6e6c5915ceeaa3adfc64a9316e46da1e1889f963218
ep_bytes: e81d650000e978feffffcccccccccccc
timestamp: 2021-03-11 12:45:19

Version Info:

FileVers: 65.51.36.16
ProductVersa: 7.50.25.71
InternalName: peatemas
LegalCopyrighd: sharnir
Translations: 0x0169 0x0300

Win32/Kryptik.HNOV also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Stop.j!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader44.11819
MicroWorld-eScan: Trojan.GenericKD.47583576
FireEye: Generic.mg.b5e87d00002601ef
ALYac: Trojan.GenericKD.47583576
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058b7cf1 )
K7GW: Trojan ( 0058b7cf1 )
Cybereason: malicious.083bcf
BitDefenderTheta: Gen:NN.ZexaF.34084.vq0@aK8YK@gG
Cyren: W32/Kryptik.FXB.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.HNOV
TrendMicro-HouseCall: TROJ_GEN.R002C0DLA21
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.SelfDel.gen
BitDefender: Trojan.GenericKD.47583576
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Trojan.GenericKD.47583576
Emsisoft: Trojan.GenericKD.47583576 (B)
TrendMicro: TROJ_GEN.R002C0DLA21
McAfee-GW-Edition: BehavesLike.Win32.Emotet.fh
Sophos: Mal/Generic-S + Troj/Krypt-BO
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan-Stealer.CoinStealer.AKLFUA
eGambit: Unsafe.AI_Score_95%
Avira: TR/Crypt.Agent.igyky
Antiy-AVL: Trojan/Generic.ASMalwS.34E8541
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Azorult.RM!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: CoinMiner/Win.Glupteba.R456691
Acronis: suspicious
McAfee: RDN/Sabsik
MAX: malware (ai score=85)
VBA32: Trojan.Convagent
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Trojan.Kryptik!1.DAF8 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNOL!tr
Webroot: W32.Trojan.Gen
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HNOV?

Win32/Kryptik.HNOV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.