
Win32/Kryptik.HOCF removal


Win32/Kryptik.HOCF is ESET's generic detection name for a packed or obfuscated Windows executable, and the sample described here is flagged as malicious by most security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HOCF virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with a /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Greek
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Kryptik.HOCF?

File Info:

name: EBC9DE44DF2573CF4B31.mlw
path: /opt/CAPEv2/storage/binaries/697011b0b9e7278753a290f4156428e7457f6a3f99a3aa1db1bfd8d95e627217
crc32: 6F70801B
md5: ebc9de44df2573cf4b315359d7f302a1
sha1: c8b8d76b9475b47b29498860ce9d46897f8e9032
sha256: 697011b0b9e7278753a290f4156428e7457f6a3f99a3aa1db1bfd8d95e627217
sha512: 1fbad4dc67be3394e038c0a5d89b17d0881db787153fe2e03ce4ced46822aaae4bf076533bbb6f2d78e1bfc41422df79af17a7920e1d10cdb3b37b79918d2419
ssdeep: 49152:gGZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZn:
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T174E69EB4B6508A97D55527B0892BFFC51AACBC346C49D35720B8268FFE7730428462EF
sha3_384: 1456ebfafacae37cb517bd942d3ac8ceea878b89289036fe004da0db0e5fb032a72097c17d317b324fc259857f932113
ep_bytes: e8883b0000e979feffff832584a84300
timestamp: 2021-03-29 20:39:00

Version Info:

FileVersion: 21.29.11.69
InternationalName: bomgveoci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.74.57
Translations: 0x0121 0x03ca
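The File Info fields above are derived from the file itself, so they can be recomputed on a quarantined copy before trusting any vendor's detection name. The script below is an added example and is not part of this page, of CAPE, or of GridinSoft's tooling: using only the Python standard library it hashes the file, reads the PE TimeDateStamp and the 16 bytes at the entry point (the ep_bytes field), and compares them with the indicators listed in the File Info section. Two assumptions are made: the timestamp is rendered in UTC (the page does not state which zone the sandbox used), and the PE image the script builds for itself is a synthetic, non-executable stand-in constructed so the example runs offline; on a real investigation, pass the bytes of the suspect file to triage() instead.

```python
"""Recompute the page's hash and PE-header indicators on a file (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info section of the page.
PAGE_IOCS = {
    "md5": "ebc9de44df2573cf4b315359d7f302a1",
    "sha1": "c8b8d76b9475b47b29498860ce9d46897f8e9032",
    "sha256": "697011b0b9e7278753a290f4156428e7457f6a3f99a3aa1db1bfd8d95e627217",
    "ep_bytes": "e8883b0000e979feffff832584a84300",
    "timestamp": "2021-03-29 20:39:00",  # assumed to be UTC
}


def parse_pe(data: bytes) -> dict:
    """Return TimeDateStamp, entry-point RVA and the 16 bytes at the entry point.

    Parses only what triage needs: e_lfanew, the COFF file header, the optional
    header magic and AddressOfEntryPoint, and the section table (to map the
    entry-point RVA to a file offset the way a sandbox computes ep_bytes).
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, num_sections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]

    # Find the section containing the entry RVA and translate it to a file offset.
    sect = opt + opt_size
    ep_offset = None
    for i in range(num_sections):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            ep_offset = raw_ptr + (entry_rva - vaddr)
            break
    if ep_offset is None:
        raise ValueError("entry point RVA 0x%x lies outside every section" % entry_rva)
    return {"timestamp": timestamp, "entry_rva": entry_rva,
            "ep_bytes": data[ep_offset:ep_offset + 16].hex()}


def triage(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Map each indicator name to (observed value, matches the page's value)."""
    pe = parse_pe(data)
    ts = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    observed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "ep_bytes": pe["ep_bytes"],
        "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"),
    }
    return {k: (observed[k], observed[k] == iocs[k]) for k in iocs}


def make_constructed_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Build a minimal PE32 image carrying the given TimeDateStamp and entry bytes.

    Constructed for this example only (not the real sample): one .text section
    at RVA 0x1000 / file offset 0x200, entry point at the start of the section.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    body = ep_bytes + b"\xcc" * (0x200 - len(ep_bytes))
    return headers.ljust(0x200, b"\0") + body


def constructed_sample() -> bytes:
    """Synthetic stand-in that reproduces the page's ep_bytes and timestamp only."""
    epoch = int(datetime(2021, 3, 29, 20, 39, tzinfo=timezone.utc).timestamp())
    return make_constructed_pe(epoch, bytes.fromhex(PAGE_IOCS["ep_bytes"]))


if __name__ == "__main__":
    for name, (value, hit) in triage(constructed_sample()).items():
        print(f"{name:9} {value}  {'MATCH' if hit else 'no match'}")
```

On the constructed stand-in only ep_bytes and timestamp match, which is the point: entry-point bytes and a compile timestamp are cheap for a packer to reuse across builds, so treat them as corroborating evidence and treat the cryptographic hashes as the identifier.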

Win32/Kryptik.HOCF is also known as the following. Note that vendors disagree on the underlying family (Tofsee, STOP/StopCrypt ransomware, SmokeLoader, Qbot and generic stealer names all appear), which is typical for a packer-based detection; the hashes in File Info identify this sample more reliably than any one name.

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31749
MicroWorld-eScan: Trojan.GenericKDZ.83021
FireEye: Generic.mg.ebc9de44df2573cf
ALYac: Trojan.GenericKDZ.83021
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.b9475b
BitDefenderTheta: Gen:NN.ZexaF.34182.@t0@aCo0cKcG
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOCF
APEX: Malicious
ClamAV: Win.Malware.Mikey-9917879-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.GenericKDZ.83021
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Trojan.GenericKDZ.83021
Sophos: ML/PE-A + Mal/Agent-AWV
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: Packed-GEE!EBC9DE44DF25
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI - Malicious PE
GData: Win32.Trojan.BSE.JQPBOX
Antiy-AVL: Trojan/Win32.SGeneric
Arcabit: Trojan.Generic.D1444D
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Stop.gen
Microsoft: Ransom:Win32/StopCrypt.PAR!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R467655
McAfee: Packed-GEE!EBC9DE44DF25
MAX: malware (ai score=88)
VBA32: Backdoor.Tofsee
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: Mal_Tofsee
Rising: Malware.Heuristic!ET#88% (RDMK:cmRtazq61r5EEqKaHEFD7lPp3wq5)
Yandex: Trojan.Kryptik!Zy+jEwBwEow
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HOCG!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32/Kryptik.HOCF?

Win32/Kryptik.HOCF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
