Win32/Kryptik.HNXX removal tips

Win32/Kryptik.HNXX is ESET's generic detection name for a trojan hidden behind a packer/crypter, and the sample described here is flagged as malicious by most engines on a multi-vendor scan. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Win32/Kryptik.HNXX do?

The following are the CAPEv2 sandbox signatures the sample triggered (the storage path in the File Info section below is a CAPEv2 location). Most of them describe packer and anti-analysis behaviour rather than the final payload:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Possible date-expiration check: exits too soon after checking the local time
  • Use of guard pages detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name, indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Kryptik.HNXX?

The hashes below identify this exact sample; a repacked build of the same payload will have different hashes, so use them as exact-match indicators only.
File Info:

name: D2BCF7AF9FCB9F396078.mlw
path: /opt/CAPEv2/storage/binaries/52271cee2def6494e6113d60e977e9f8cc5633f9633256db22c7ff7fae76ecd1
crc32: A9DE9360
md5: d2bcf7af9fcb9f3960783811112e9e16
sha1: f2ee72dd738235d4b696d3a8d794c187a4686e16
sha256: 52271cee2def6494e6113d60e977e9f8cc5633f9633256db22c7ff7fae76ecd1
sha512: b972d5a0216c5d8b08e14bbb6afb50310e37eed12222e0f998668a5d03a3160290f4dfac51ed6a0926db8964f79d2c58c8ec358d9322d8f207215946e744f417
ssdeep: 3072:Re4LkrLyzsEzddV6/gHtMqE9oqAsJ5VL7RJdyNkmZy6Ncjaysdhs:Q4LkrLILzdP6YaqkoCJ5NEym9cja2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF64CE1279F08832D9E75E750837EA94AE7BF8111660817B3F5417EF6F726808A22F47
sha3_384: 5a8e94987aee16455d8b50297bc758af8c075b07ede8c4fe4d7f3bcd5e7df11fad1fa7845e7c895392c8fb6e9fbbeb74
ep_bytes: e8f1300000e979feffffe83700000086
timestamp: 2021-04-13 06:10:18
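The script below is an added example, not part of the original page or of any vendor's tooling. It reproduces the File Info fields above with the Python standard library only: the digests (crc32, md5, sha1, sha256, sha512, sha3_384), the PE compile timestamp, the first 16 entry-point bytes, and the section names, plus two of the packer hints from the behaviour list (a non-standard section name, and a section that is both writable and executable). The IOC hash values are copied from the File Info block; the "known section names" set, the field names and the minimal PE built by build_sample_pe() (which reuses the page's ep_bytes and timestamp as constructed data) are assumptions for the demonstration and are not the malware.

```python
"""Added triage helper: hashes a file and pulls PE header fields (not the page's code)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests copied from the File Info block above (exact-match IOCs).
IOC_HASHES = {
    "md5": "d2bcf7af9fcb9f3960783811112e9e16",
    "sha1": "f2ee72dd738235d4b696d3a8d794c187a4686e16",
    "sha256": "52271cee2def6494e6113d60e977e9f8cc5633f9633256db22c7ff7fae76ecd1",
}
# Assumed set of section names a stock linker emits; anything else is the
# "unknown PE section name" heuristic from the behaviour list.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def hash_bytes(data: bytes) -> dict:
    """Same digests the sandbox report lists (crc32 as upper-case hex)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def ioc_matches(hashes: dict) -> set:
    """Names of the digests that equal the published IOC values."""
    return {k for k, v in IOC_HASHES.items() if hashes.get(k) == v}


def parse_pe(data: bytes) -> dict:
    """Timestamp, entry-point bytes and section flags from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10b PE32, 0x20b PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):  # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize, "chars": chars})
    # Map the entry RVA to a file offset via the section that contains it.
    ep_bytes = ""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["vaddr"] + s["rawptr"]
            ep_bytes = data[off:off + 16].hex()
            break
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
        "sections": [s["name"] for s in sections],
        "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
        "rwx_sections": [s["name"] for s in sections if s["chars"] & rwx == rwx],
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 stub for the demo (not the real sample): a .text section
    holding the page's entry bytes, and a writable+executable ".sample" section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1618294218, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)
    opt += b"\0" * (224 - len(opt))
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b".sample", 0x100, 0x2000, 0x100, 0x400, 0, 0, 0, 0, 0xE0000020)
    headers = dos + b"PE\0\0" + coff + opt + sec1 + sec2
    image = headers + b"\0" * (0x200 - len(headers))
    image += bytes.fromhex("e8f1300000e979feffffe83700000086") + b"\0" * (0x200 - 16)
    return image + b"\x90" * 0x100


def triage(data: bytes) -> dict:
    hashes = hash_bytes(data)
    return {"hashes": hashes, "ioc_hits": ioc_matches(hashes), "pe": parse_pe(data)}


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2, default=sorted))
```

Run it as `python triage.py <file>` to compare a suspect file against the IOCs, or with no argument to see the constructed stub flagged for its unknown and RWX section. On the constructed stub the timestamp decodes to the same 2021-04-13 06:10:18 shown above and the entry bytes match the page's ep_bytes; the digests of course do not match, which is exactly how a repacked variant would look.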

Version Info:

The version resource holds nonsense values (misspelled copyright string, random product name), which is itself typical of a crypter-generated binary:

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.14.70.27
Translation: 0x0129 0x0794

Win32/Kryptik.HNXX is also known as:

Vendor detection names for this sample from a multi-engine scan. Most are generic or heuristic verdicts, and the few family-specific ones disagree (ClamAV: Tofsee dropper; AhnLab: Raccoon infostealer; Gridinsoft and Microsoft: Sabsik), so treat the Kryptik name as describing the packer, not the payload:

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Multi.Generic.4!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Siggen16.28547
  • MicroWorld-eScan: Trojan.GenericKD.47845317
  • FireEye: Generic.mg.d2bcf7af9fcb9f39
  • ALYac: Trojan.GenericKD.47845317
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0058cc3f1 )
  • Alibaba: Trojan:Win32/Kryptik.d88806ae
  • K7GW: Trojan ( 0058cc3f1 )
  • BitDefenderTheta: Gen:NN.ZexaF.34114.tuW@aO41yKcK
  • Cyren: W32/Kryptik.FWV.gen!Eldorado
  • Symantec: Packed.Generic.525
  • ESET-NOD32: a variant of Win32/Kryptik.HNXX
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PA822
  • ClamAV: Win.Dropper.Tofsee-9919472-0
  • Kaspersky: Trojan.Win32.Agent.xaminx
  • BitDefender: Trojan.GenericKD.47845317
  • Avast: Win32:CrypterX-gen [Trj]
  • Ad-Aware: Trojan.GenericKD.47845317
  • Emsisoft: Trojan.GenericKD.47845317 (B)
  • TrendMicro: TROJ_GEN.R002C0PA822
  • McAfee-GW-Edition: BehavesLike.Win32.Packed.ft
  • Sophos: ML/PE-A + Mal/Agent-AWV
  • SentinelOne: Static AI - Malicious PE
  • GData: Trojan.GenericKD.47845317
  • MAX: malware (ai score=83)
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Infostealer/Win.Raccoon.R463105
  • Acronis: suspicious
  • McAfee: Artemis!D2BCF7AF9FCB
  • Malwarebytes: Trojan.MalPack.GS
  • APEX: Malicious
  • Rising: Malware.Heuristic!ET#90% (RDMK:cmRtazqtpwif6B3yEwphz6ueyYoB)
  • Ikarus: Trojan.Win32.Krypt
  • Fortinet: W32/GenKryptik.ERHN!tr
  • AVG: Win32:CrypterX-gen [Trj]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HNXX?

Win32/Kryptik.HNXX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

Because several engines classify this sample as an infostealer or dropper, assume any credentials saved in the browser or entered on the machine while it was infected are compromised: change them from a clean device after cleanup, and run a second scan after the restart to confirm nothing was re-dropped.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.