Win32/Kryptik.HPHN information

Win32/Kryptik.HPHN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HPHN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Win32/Kryptik.HPHN?

File Info:

name: 1EC74ED75B9027208B16.mlw
path: /opt/CAPEv2/storage/binaries/00c8eb22a5b0428820b34b37d999112a8c9647fbf83b5dea93015e52a3cd2d3b
crc32: 8F8E2177
md5: 1ec74ed75b9027208b16a8ff2ca714a5
sha1: 841e3726d4d308efba9f071668d29b7a8aa4eab8
sha256: 00c8eb22a5b0428820b34b37d999112a8c9647fbf83b5dea93015e52a3cd2d3b
sha512: 449244d9f1fc15d6c2b53075eb0dced848fee43e53c5d08330993018fda581f66d4dd53c9914d6fa9cb5bcd29dfb262f1c6894f1b7389f96c5645912219b8b5d
ssdeep: 1536:eBBksyjFYJJdJqtap7jEeYknqnP/iKxH69IBZT71JjbYf2nr9JoRfPp0LAXLnf:ebksyjFaR9fO7xH68Zv1Jj5xufRkAXb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B324AE2132A0C072D067563058B4D2A22A7F7C626B74548B37A8177E2FF33E15AB5F67
sha3_384: e586690cf2a7abc4be0a8671501099beabe8690c369d5cb0e4a8c0af434f6b86434b3e703943755eca4f01204c8d5adf
ep_bytes: e86b360000e989feffff8bff558bec83
timestamp: 2021-09-23 02:22:49

Version Info:

FileVersion: 8.71.86.8
Copyrighz: Copyright (C) 2022, pazkarte
ProjectVersion: 98.81.74.73

Win32/Kryptik.HPHN also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Strab.4!c
MicroWorld-eScan: Gen:Variant.Mikey.136662
FireEye: Generic.mg.1ec74ed75b902720
McAfee: Packed-GDT!1EC74ED75B90
Cylance: Unsafe
VIPRE: Gen:Variant.Mikey.136662
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00591d6e1 )
BitDefender: Gen:Variant.Mikey.136662
K7GW: Trojan ( 00591d6e1 )
Cybereason: malicious.6d4d30
Cyren: W32/Kryptik.GKN.gen!Eldorado
Symantec: Packed.Generic.525
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HPHN
APEX: Malicious
ClamAV: Win.Packed.Botx-9946088-0
Kaspersky: HEUR:Trojan.Win32.Strab.gen
Alibaba: Ransom:Win32/StopCrypt.4af4b7cf
Avast: Win32:AceCrypter-U [Cryp]
Rising: Trojan.Generic@AI.100 (RDML:Yp8DM3kY88HICUfErLC+og)
Ad-Aware: Gen:Variant.Mikey.136662
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.Siggen17.45687
Zillya: Trojan.Kryptik.Win32.3745871
TrendMicro: Ransom_StopCrypt.R002C0DDQ22
McAfee-GW-Edition: BehavesLike.Win32.Generic.dt
Sophos: ML/PE-A + Troj/Krypt-IR
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.PSE.CVUSZ0
Jiangmin: Backdoor.Androm.bdfm
Avira: HEUR/AGEN.1249897
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.50E8
Arcabit: Trojan.Mikey.D215D6
ZoneAlarm: HEUR:Trojan.Win32.Strab.gen
Microsoft: Ransom:Win32/StopCrypt.PBJ!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R486959
Acronis: suspicious
ALYac: Gen:Variant.Mikey.136662
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DDQ22
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Packed.GDV!tr
AVG: Win32:AceCrypter-U [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HPHN?

Win32/Kryptik.HPHN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.