Win32/Kryptik.HRPK information

Win32/Kryptik.HRPK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.HRPK virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify Win32/Kryptik.HRPK?


File Info:

name: 4805A8CC839B36B9D797.mlw
path: /opt/CAPEv2/storage/binaries/60eccada38964f086906a0f1374b05ec9deaaf011217a79e908934b428bc269b
crc32: 368E4659
md5: 4805a8cc839b36b9d797dc7d95c053ad
sha1: 396d4e5cf162bb06e1d057a57aa25862ce13527b
sha256: 60eccada38964f086906a0f1374b05ec9deaaf011217a79e908934b428bc269b
sha512: 465e8226766e2c8799dbe19d1927e1294347131df8c6f038754a0bbe45c428199a935c6562403b95fccc7a39fd843901710e2ba6d641d0f93305c89665779bd2
ssdeep: 3072:Ph9DX6/wiE1qySWY0tKeCAcB2mcOSmnVbLwvCIT7e18wpURkKLYYRSecil9LLWFe:Ph96oiErY04V30mtyv3Q38ksJO
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T14024BF13BBA05574C845D8BCA4B652E1DBFD1E1633D49088331D30676A3F9FAEA6923C
sha3_384: 743c9ab6e580e05b8fc7e07e7d5b1db457789a0196424e64580c2f02fba282fd12bf6e13fee157555f17897f6a67525c
ep_bytes: e8af210000e9a4feffff8bff558bec8b
timestamp: 2022-11-26 07:33:21

Version Info:

Comments: Switchboard mouthtomouth vote alibis dear solvers
CompanyName: Cardholders adding newspapers
FileDescription: Scarlet burped concords classificatory
FileVersion: 4.50.111.1
InternalName: Ordination horror
LegalCopyright: Copyright © Embellishing expurgated
LegalTrademarks: Slobbering bowlers
OriginalFilename: Druid subatomic
ProductName: Raring
ProductVersion: 4.50.111.1
Translation: 0x081a 0x081a

Win32/Kryptik.HRPK also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HRPK
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
Avast: Win32:CrypterX-gen [Trj]
Rising: Trojan.Generic@AI.100 (RDML:xGczkAzN9WuhIBtjf0W57g)
Sophos: ML/PE-A
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.4805a8cc839b36b9
SentinelOne: Static AI – Suspicious PE
Google: Detected
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Acronis: suspicious
VBA32: BScope.TrojanPSW.RedLine
Cylance: Unsafe
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.HRSA!tr
BitDefenderTheta: Gen:NN.ZexaE.34796.nq0@aiQ4KOji
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.cf162b

How to remove Win32/Kryptik.HRPK?

Win32/Kryptik.HRPK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
