Win32/Kryptik.HOGN malicious file

Win32/Kryptik.HOGN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HOGN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Finnish
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location

How to identify Win32/Kryptik.HOGN?

File Info:

name: F9B5CE77ADCB4C73BB4D.mlw
path: /opt/CAPEv2/storage/binaries/123265fab330bf5024ead1f70f9a7caf072011272106f9fd0bf0bf3b284da019
crc32: 8E4B7035
md5: f9b5ce77adcb4c73bb4d0deae71161ac
sha1: 88d3e7c0d3d08730b1d93c78cdccf40d88ff7a48
sha256: 123265fab330bf5024ead1f70f9a7caf072011272106f9fd0bf0bf3b284da019
sha512: b1e7282cb06ad0e833314cde5fa5d5e8f03e4cb3f42965e95c8c9af42b00aa05c24ad3b70c11043278cd3bc7ed4a5cae0c62c8597f94daf5d4f484fd0b6283b9
ssdeep: 3072:hz6J+AH26QQwL0ipFCLgf5764tsB5xosxkgaBChXVNIs4E472:hefHFwLXXnJsrigaCIB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19544BD013693D472CD955D349135DBA11A3FF8324965A64BF768BB2E2F303E2AB72306
sha3_384: ab512aa37ec212771f958d1a0a5acfc494edbfac39bbeef2c0c14e9bfbee9f099b58745d4d6b53752e698161e9120b88
ep_bytes: e8c25d0000e979feffff8bff51c70158
timestamp: 2021-02-09 04:51:28

Version Info:

FileVersion: 21.79.11.69
InternationalName: pomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translations: 0x0127 0x010e

Win32/Kryptik.HOGN also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38889849
FireEye: Generic.mg.f9b5ce77adcb4c73
ALYac: Trojan.GenericKD.38889849
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053d5971 )
Alibaba: Ransom:Win32/GandCrab.2dbc97fa
K7GW: Trojan ( 0058bc0d1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Generic.D2516979
Cyren: W32/Injuke.M.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HOGN
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.LokiBot-9938483-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.GenericKD.38889849
Avast: Win32:CrypterX-gen [Trj]
Rising: Trojan.Azorult!8.107E7 (CLOUD)
Ad-Aware: Trojan.GenericKD.38889849
Sophos: ML/PE-A + Mal/Agent-AWV
DrWeb: Trojan.MulDrop19.27676
TrendMicro: Ransom_StopCrypt.R002C0DB722
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.dm
Emsisoft: Trojan.GenericKD.38889849 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1242353
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.3523490
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: Ransom:Win32/StopCrypt.MK!MTB
GData: Trojan.GenericKD.38889849
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R470641
McAfee: Packed-GDT!F9B5CE77ADCB
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DB722
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.ERHN!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.qq0@aq2b!qmK
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A

How to remove Win32/Kryptik.HOGN?

Win32/Kryptik.HOGN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.