
Win32/Kryptik.HPGQ information


Win32/Kryptik.HPGQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HPGQ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Win32/Kryptik.HPGQ?

File Info:

name: E282AAAAC735400FF1B3.mlw
path: /opt/CAPEv2/storage/binaries/9ae63fa88c481352fb4a3afa9e5705e5c17da0e1a1c33c260569927c70cd7262
crc32: B39060F9
md5: e282aaaac735400ff1b34eca3d31e0e2
sha1: 23773dad9843a3b1e86946c7f193e443dd377989
sha256: 9ae63fa88c481352fb4a3afa9e5705e5c17da0e1a1c33c260569927c70cd7262
sha512: 0e0f8bd79bc9f3042852641ea539e3e8cd4b11a5b21a212580291ca57b2441e7fa8d90be4d93ba024eb9d11604310fe52fd0de98551a6d08eaa3776d3fb042ea
ssdeep: 3072:EgzhtxiAvjFT6k6U0Xp8F7M0XH2nfWLWgeGdk4BBXpHDDME1S:rfxiALl6k6U0Xp8tfQ4WgeG1BnHD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11524AE2133A0C072E0A7553078B086B15A7EB8736675858B7BA4DBFE5F303C15AB9357
sha3_384: 047db4fa1ef60f8d75f32c8c8fe762831582113c40d468e05b4c9163694debf40b106e63267287e3405d84d7d6e7b740
ep_bytes: e8c7450000e989feffff8bff51c7013c
timestamp: 2021-07-22 14:15:12

Version Info:

FileVersion: 5.71.86.8
Copyrighz: Copyright (C) 2022, pazkarte
ProjectVersion: 98.81.74.73

Win32/Kryptik.HPGQ also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Trojan.GenericKDZ.86706
ALYac: Trojan.GenericKDZ.86706
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00591b691 )
K7GW: Trojan ( 00591b691 )
Cybereason: malicious.d9843a
Cyren: W32/Kryptik.GKN.gen!Eldorado
Symantec: Packed.Generic.525
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HPGQ
APEX: Malicious
ClamAV: Win.Packed.Tofsee-9946338-0
Kaspersky: HEUR:Trojan.Win32.Strab.gen
BitDefender: Trojan.GenericKDZ.86706
NANO-Antivirus: Trojan.Win32.Kryptik.joecjo
Avast: Win32:AceCrypter-T [Cryp]
Tencent: Trojan-Spy.Win32.Stealer.16000356
Ad-Aware: Trojan.GenericKDZ.86706
Sophos: ML/PE-A + Troj/Krypt-IR
DrWeb: Trojan.DownLoader44.54624
McAfee-GW-Edition: Packed-GDT!E282AAAAC735
FireEye: Generic.mg.e282aaaac735400f
Emsisoft: Trojan.Crypt (A)
Jiangmin: Trojan.Strab.aue
Avira: TR/Crypt.Agent.xmird
Microsoft: Trojan:Win32/Raccrypt.GY!MTB
GData: Win32.Trojan.PSE.1874AFP
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R486516
Acronis: suspicious
McAfee: Packed-GDT!E282AAAAC735
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack.GS
Rising: Ransom.Stop!8.10810 (RDMK:cmRtazoTgeMEYeGKlasNajgZ2WK3)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HPGE!tr
AVG: Win32:AceCrypter-T [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HPGQ?

Win32/Kryptik.HPGQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
