Categories: Malware

Win32/Kryptik.HNSW information

The Win32/Kryptik.HNSW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.HNSW virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Spanish (Colombia)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Enumerates services, possibly for anti-virtualization
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
Creates a hidden or system file
CAPE detected the Tofsee malware family
Uses suspicious command line tools or Windows utilities

How to determine Win32/Kryptik.HNSW?


File Info:
name: 9A11001F0378E5520D35.mlwpath: /opt/CAPEv2/storage/binaries/2d7a57cbae33c32764342b7a4c1a4896508853582d1ddc25742911fd637c0a3dcrc32: E3FF4957md5: 9a11001f0378e5520d35dff6eabebd88sha1: 32fc2552e19db13a7c7144901df21a6924f0a495sha256: 2d7a57cbae33c32764342b7a4c1a4896508853582d1ddc25742911fd637c0a3dsha512: 5bfcd354722292e85078654c796c361bf06d77d51db364dbe6b6000c43482610692d8cc1110a3868ffa33a193cec7ce855ac6b5b5a11b6a12c97cbc95d04424fssdeep: 6144:13elxL+pOcSR+s0Dow62j8nRhm4xZacJSq1BqPsj+aEa8JcD:13eDL+IcSIsTw62j8nRhbxZa4SJna8Jtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T105549D10A7A0D435F1B752F859B993BDB93E79A16B31A0CF12C516FA5A74AE0DC3030Bsha3_384: ec8265aeb58093df4d2002f4b3b278a66f14c6a7c8be9bcbb1e922460bf873b56cbd727e3c527e71073d7550ac0b85bfep_bytes: 8bff558bece8b6360000e8110000005dtimestamp: 2020-06-26 18:39:56
Version Info:
0: [No Data]

Win32/Kryptik.HNSW also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Tofsee.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Vidar.15
MicroWorld-eScan	Trojan.GenericKD.38301327
FireEye	Generic.mg.9a11001f0378e552
ALYac	Trojan.GenericKD.38301327
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:Win32/Tofsee.366d8db0
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Generic.D2486E8F
Cyren	W32/Kryptik.FYI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNSW
TrendMicro-HouseCall	TROJ_GEN.R002C0WLL21
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Tofsee.gen
BitDefender	Trojan.GenericKD.38301327
NANO-Antivirus	Trojan.Win32.Tofsee.jjnsev
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Backdoor.Tofsee.Hsrx
Ad-Aware	Trojan.GenericKD.38301327
Sophos	ML/PE-A
Baidu	Win32.Trojan.Kryptik.jm
TrendMicro	TROJ_GEN.R002C0WLL21
McAfee-GW-Edition	BehavesLike.Win32.Generic.dm
Emsisoft	Trojan.GenericKD.38301327 (B)
Ikarus	Trojan.Win32
Jiangmin	Backdoor.Mokes.exm
Kingsoft	Win32.Hack.Undef.(kcloud)
Microsoft	Trojan:Win32/Azorult!ml
GData	Win32.Trojan.BSE.1R8QSDA
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R459566
Acronis	suspicious
McAfee	RDN/Emotet
MAX	malware (ai score=83)
VBA32	BScope.Malware-Cryptor.SmokeSoviet
Malwarebytes	Trojan.MalPack.GS
APEX	Malicious
Rising	Malware.Obscure/Heur!1.9E03 (CLASSIC)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_97%
Fortinet	PossibleThreat.ZDS
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_80% (W)