Win32/Kryptik.HQAD removal guide

Win32/Kryptik.HQAD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HQAD virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule detections observed from a process memory dump / dropped files / CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Tatar
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Win32/Kryptik.HQAD?

File Info:

name: 5C5CA038FC8517F77426.mlw
path: /opt/CAPEv2/storage/binaries/6d933666d938d725428ff377f460bb7948a4730abfdb44bd2da296e726628f7d
crc32: 51DA0CEE
md5: 5c5ca038fc8517f77426208f2dd37f38
sha1: 8f509b5b3eee258f8d8c66de7b907ea5fa1d3247
sha256: 6d933666d938d725428ff377f460bb7948a4730abfdb44bd2da296e726628f7d
sha512: 2c8d7e04b59af2a782971933bd5db75614b558068f66b04f31ce95fb551654dc7891874e0607d538521c1bc947e9d5d52f6051e14ce664c5f5a0235301e2bd78
ssdeep: 6144:rfLRvqFosiwLtOGAzqflZp4MptmKbpZD8FfVLqk:jlvqF8wRIK9ZD2VL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E964DF1136D0D032D8DA25768534C7B58E7FB8652536AA8F6FE926BD5F302E1DB3030A
sha3_384: 147230d7939ad2f604bef67ccd1ffd723b3928b322cc5258c656d4cff4b92899f28ea16d5d353b2a15da6a9c623ca3d7
ep_bytes: e89b380000e979feffff8bff558bec81
timestamp: 2021-05-07 11:30:09

Version Info:

FileVers: 65.51.36.16
ProductVersa: 7.51.25.81
InternalName: peatemas
LegalCopyrighd: sharpir
Translation: 0x016a 0x02ff

Win32/Kryptik.HQAD is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Injuke.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.50554284
FireEye: Generic.mg.5c5ca038fc8517f7
CAT-QuickHeal: Ransom.Stop.P5
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: Trojan:Win32/RedLineStealer.18fe7066
K7GW: Riskware ( 00584baa1 )
Cybereason: malicious.b3eee2
Cyren: W32/Kryptik.GDH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HQAD
APEX: Malicious
ClamAV: Win.Packed.Pwsx-9954187-0
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Trojan.GenericKD.50554284
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Gen:Variant.Mikey.138936
Emsisoft: Gen:Variant.Mikey.138936 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Krypt-BO
Ikarus: Win32.Outbreak
GData: Win32.Trojan.GleaMal.H0ISOR
MAX: malware (ai score=81)
Microsoft: Trojan:Win32/RedLineStealer.PP!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.RedLineStealer.C5187820
McAfee: GenericRXTM-SM!5C5CA038FC85
VBA32: Malware-Cryptor.Azorult.gen
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_GEN.R002H0CG122
Rising: Trojan.Generic@AI.100 (RDML:68zkGjChVR+8Mka+rejPsw)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.HPZV!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.ty0@a05l@9dG
AVG: Win32:CrypterX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HQAD?

Win32/Kryptik.HQAD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.