
Win32/Kryptik.HQOR removal


Win32/Kryptik.HQOR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Kryptik.HQOR virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Georgian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Tofsee malware family
  • Deletes executed files from disk
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Kryptik.HQOR?

File Info:

name: DA592761B055B8FF0D9C.mlw
path: /opt/CAPEv2/storage/binaries/e4aaf470d53988a41868ab0b8cb2a2f0c4a60110fd15be547b339d7c3d703e94
crc32: 0DA35605
md5: da592761b055b8ff0d9c8b4802726a01
sha1: 8569e1370c60ae1d16400bf5b2c85b041f33d7b4
sha256: e4aaf470d53988a41868ab0b8cb2a2f0c4a60110fd15be547b339d7c3d703e94
sha512: d40948a728adf844b147ea9470c3627c2866df59ed8309a59fb388247f1c223cb92c47bddf2d6bccf7db1d5fd1e511d5f7781ae6d15ccb9a6651daa80520190a
ssdeep: 12288:Vo4RU/8kJ7+ibbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbr:VoeUk2S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T122D62A51A7FE92DBF7F35A3099B1AB903A7BBD13B934428E3510260B2D356808D4176F
sha3_384: f7c8099af0d5cf62a340c1c4ec14b1b51c38ed3ed3bc10813275e91a5b6b2016182a38aedbb6854f6dcb0c3cc69674f6
ep_bytes: e8b8160000e989feffff8bff558bec8b
timestamp: 2022-03-01 05:50:35

Version Info:

FileVersions: 98.55.22.41
Copyright: Copyright (C) 2022, soboklos
ProjectVersion: 74.85.66.75

Win32/Kryptik.HQOR is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Trojan.GenericKDZ.91340
  • FireEye: Generic.mg.da592761b055b8ff
  • Cylance: Unsafe
  • VIPRE: Trojan.GenericKDZ.91340
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Riskware ( 00584baa1 )
  • K7GW: Riskware ( 00584baa1 )
  • Cybereason: malicious.70c60a
  • Cyren: W32/Kryptik.HGS.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Kryptik.HQOR
  • APEX: Malicious
  • ClamAV: Win.Malware.Dropperx-9965436-0
  • Kaspersky: HEUR:Backdoor.Win32.Tofsee.gen
  • BitDefender: Trojan.GenericKDZ.91340
  • Avast: Win32:TrojanX-gen [Trj]
  • Rising: Trojan.Generic@AI.100 (RDML:+ukOcmHXxjli+xHRhiRn1g)
  • Ad-Aware: Trojan.GenericKDZ.91340
  • Emsisoft: Trojan.GenericKDZ.91340 (B)
  • TrendMicro: Mal_Tofsee
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.rh
  • Trapmine: malicious.moderate.ml.score
  • Sophos: ML/PE-A
  • SentinelOne: Static AI – Malicious PE
  • GData: Win32.Trojan.PSE.1HW9YBI
  • Google: Detected
  • Avira: TR/Crypt.EPACK.Gen2
  • MAX: malware (ai score=82)
  • Microsoft: Ransom:Win32/StopCrypt.SLF!MTB
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Packed/Win.GDT.R512747
  • Acronis: suspicious
  • VBA32: Malware-Cryptor.2LA.gen
  • Malwarebytes: Trojan.MalPack.GS
  • TrendMicro-HouseCall: Mal_Tofsee
  • AVG: Win32:TrojanX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32/Kryptik.HQOR?

Win32/Kryptik.HQOR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
