Categories: Malware

Win32/Kryptik.HNPL (file analysis)

The Win32/Kryptik.HNPL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HNPL virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Oriya
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family

How to determine Win32/Kryptik.HNPL?


File Info:
name: FC015FA265C2646FDF8E.mlwpath: /opt/CAPEv2/storage/binaries/025ffdeff3146896b647b1c61e9c4adf919d0e0ce2fce0bd86c3764b1010176ecrc32: 407F8FE1md5: fc015fa265c2646fdf8e9ddd088f4e4csha1: 79190baf8b554d923c4a69dce4ba8711967ec742sha256: 025ffdeff3146896b647b1c61e9c4adf919d0e0ce2fce0bd86c3764b1010176esha512: a4f9ca8a0031f06fefc00561abe70818c2639825b3cc1a976b294697e0a4ff38553db83e1e723216085c65c639b8e4fcd544ab1500432f483fffd9d8fc5d93d1ssdeep: 6144:hLRXuKDBTIXe40VpB1PVfCkSSBYpR5jQuzbgwujigaLwVfw:hd5DhAed3FtJYX5jQunnbtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16C74E03176ECCA76E4634E70482496D0463BFC6259309107EB56A35E0DB3F9C8AF232Esha3_384: a6c04d0b3ea8b7bf1d01d26bfe32e6cbfb3441cfff33899759fb12402bffe642adf16606007ad8db367f79e9120d013cep_bytes: e85a370000e979feffffcccccccccccctimestamp: 2021-06-11 08:34:10
Version Info:
InternalName: bomgpiaruci.iwaCopyright: Copyrighz (C) 2021, fudkatProductVersion: 13.54.77.27Translation: 0x0127 0x046a

Win32/Kryptik.HNPL also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen3.8078
MicroWorld-eScan	Trojan.GenericKD.47601988
FireEye	Generic.mg.fc015fa265c2646f
McAfee	Lockbit-FSWW!FC015FA265C2
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:Win32/Raccrypt.4ecd2936
K7GW	Trojan ( 0058b91b1 )
K7AntiVirus	Trojan ( 0058b91b1 )
BitDefenderTheta	Gen:NN.ZexaF.34084.wy0@ayivuKHG
Cyren	W32/Kryptik.FWV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNPL
TrendMicro-HouseCall	TROJ_GEN.R002H06L821
Avast	Win32:DropperX-gen [Drp]
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender	Trojan.GenericKD.47601988
McAfee-GW-Edition	BehavesLike.Win32.Trojan.fc
Emsisoft	Trojan.GenericKD.47601988 (B)
Paloalto	generic.ml
GData	Win32.Trojan.PSE.1L145IR
MaxSecure	Trojan.Malware.300983.susgen
Avira	TR/AD.GenSHCode.znvpn
Gridinsoft	Malware.Win32.GenericMC.cc
Microsoft	Trojan:Win32/Raccoon.DE!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Dropper/Win.FSWW.C4826027
Acronis	suspicious
VBA32	BScope.TrojanDropper.Convagent
MAX	malware (ai score=82)
Malwarebytes	Trojan.MalPack.GS
APEX	Malicious
Rising	Trojan.Generic@ML.87 (RDML:NiLgqpCNYwLUxhWwOIJnpw)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_51%
Fortinet	W32/Lockbit.FSWW!tr
Webroot	W32.Malware.Gen
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.f8b554
Panda	Trj/GdSda.A