
Win32/Kryptik.HSXU (file analysis)

Malware Removal

Win32/Kryptik.HSXU is the ESET detection name for this sample; Kryptik is ESET's generic family name for packed or obfuscated trojans, and the sandbox run described below identified the unpacked payload as RedLine, a credential-stealing trojan. The file is flagged as malicious by nearly every antivirus engine listed further down. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Win32/Kryptik.HSXU do?

The following are the CAPE sandbox signatures that fired on this sample (static and dynamic findings, not a complete list of capabilities):

  • Sample contains overlay data (bytes appended after the last PE section, often a packed payload or the Authenticode blob)
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid (it does not verify, so the signature gives no assurance about the publisher and should be read as a red flag rather than a sign of legitimacy)
  • CAPE detected the RedLine malware family (an information stealer)
  • Anomalous binary characteristics
  • YARA rule detections observed on a process memory dump, dropped files, or CAPE-extracted payloads

How to identify Win32/Kryptik.HSXU?

File Info:

name: 6053E850ED0AD036A4B1.mlw
path: /opt/CAPEv2/storage/binaries/cad2128ad37d097fc8eddb017c13391eee60926673fccfe5fa5eb4d44f5c30b2
crc32: CBF85F3B
md5: 6053e850ed0ad036a4b101aa9750051e
sha1: f06a1c0887773e1dd1e1651ba1e26351727e7129
sha256: cad2128ad37d097fc8eddb017c13391eee60926673fccfe5fa5eb4d44f5c30b2
sha512: 276646b74172f51d351f4cf7ea11dc7778d7f01837e4faff9ca4cac8cf2f06cf14351be92bf7450eb23369aea0eac4489bb92565a8d3bec2c31a9ba39aa83ab5
ssdeep: 3072:BmEuMYO2kJcjBlZyyyJvBHddCIHIom76/qZAfoilnBFEatQuSK7kPexq:BmrLuhqIHI17iWiPaatQtKo3
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F384635273975488F8CB8EF1149F95A91C2C09FE3E1F68CBE946B408DB51F685AF8309
sha3_384: b8baecddf7ecbec1a61498a7f3b0ddf94c901703ebbbbcb278960004d6a13bd86cbba1deded7a2aa0b91a181b6d48c4b
ep_bytes: e80a3c0000e9a4feffff3b0d00834500
timestamp: 2023-03-03 08:58:06

Version Info (every string field is filled with unrelated dictionary words, a pattern typical of generated rather than genuine metadata):

Comments: Communications piggish clerks pangas
CompanyName: Dependencies orientate perpetuates
FileDescription: Speciation merges developed maidservants
FileVersion: 7.52.179.4
InternalName: Instrumentally ammeter
LegalCopyright: Copyright © Moulds bluebell asynchronous engineered coxcomb
LegalTrademarks: Itchiest blighting
OriginalFilename: Unripe registrars
ProductName: Prohibiting agonising
ProductVersion: 7.52.179.4
Translation: 0x081a 0x081a
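As an added worked example (not code from the original page or from GridinSoft), the Python script below does the first-pass triage that the File Info block and the CAPE signature list above describe: it computes the MD5/SHA-1/SHA-256 of a file and compares them with the hashes listed on this page, reads the PE compile timestamp, measures overlay data past the last section, and checks whether the Authenticode security directory is populated. Only the standard library is used. The `build_test_pe` helper and the image it produces are constructed for the demonstration and are not the malware sample; all function names are the example's own.

```python
"""Offline PE triage: hashes, compile time, overlay size, Authenticode presence (stdlib only)."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "6053e850ed0ad036a4b101aa9750051e",
    "sha1": "f06a1c0887773e1dd1e1651ba1e26351727e7129",
    "sha256": "cad2128ad37d097fc8eddb017c13391eee60926673fccfe5fa5eb4d44f5c30b2",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the WIN_CERTIFICATE blob


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if all three digests agree with the indicators on this page."""
    return file_hashes(data) == KNOWN_HASHES


def analyze_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk; raises ValueError on anything that is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32 (this page's sample: "PE32 executable ... Intel 80386")
        dd_base = opt + 96
    elif magic == 0x20B:    # PE32+
        dd_base = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dd = struct.unpack_from("<I", data, dd_base - 4)[0]
    sec_off, sec_size = 0, 0
    if num_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the "VirtualAddress" field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    # Overlay = bytes after the highest PointerToRawData + SizeOfRawData of any section.
    sect_table = opt + size_opt
    end_of_sections = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = max(0, len(data) - end_of_sections)
    # A signed file always has a raw overlay (the certificate blob is appended), so also
    # report how much trailing data is *not* accounted for by the signature.
    non_sig = overlay - sec_size if sec_size and sec_off >= end_of_sections else overlay
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "end_of_sections": end_of_sections,
        "overlay_bytes": overlay,
        "has_security_directory": sec_size > 0,
        "security_dir_size": sec_size,
        "overlay_excluding_signature": max(0, non_sig),
    }


def build_test_pe(section: bytes, extra: bytes = b"", cert: bytes = b"") -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise analyze_pe (not the real sample).
    The TimeDateStamp is set to the page's 2023-03-03 08:58:06 so the timestamp decode is visible."""
    e_lfanew = 0x40
    size_opt = 96 + 16 * 8                     # PE32 optional header with 16 data directories
    raw_ptr = 0x200                            # single section at file alignment 512
    cert_off = raw_ptr + len(section) + len(extra) if cert else 0
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1677833886, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(cert))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(section), 0x1000, len(section),
                                        raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return header + section + extra + cert


if __name__ == "__main__":
    sample = build_test_pe(b"\x90" * 600, extra=b"PADDING!" * 4, cert=b"\0" * 64)
    print("sha256:", file_hashes(sample)["sha256"], "known sample:", matches_known_sample(sample))
    print(analyze_pe(sample))
```

Note what this does and does not prove: a populated security directory means a signature is present, not that it is valid. Checking the certificate chain and the Authenticode hash needs a signature-aware tool such as `osslsigncode verify -in <file>` or, on Windows, `signtool verify /pa <file>`; for this sample CAPE reports the signature as invalid, which is exactly the case where presence alone would mislead.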

Win32/Kryptik.HSXU also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.97765
FireEye: Trojan.GenericKDZ.97765
Malwarebytes: Trojan.Crypt
CrowdStrike: win/malicious_confidence_90% (D)
Arcabit: Trojan.Generic.D17DE5
BitDefenderTheta: Gen:NN.ZexaF.36308.xq2@ammMnwni
ESET-NOD32: a variant of Win32/Kryptik.HSXU
APEX: Malicious
Kaspersky: VHO:Backdoor.Win32.Convagent.gen
BitDefender: Trojan.GenericKDZ.97765
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Trojan.GenericKDZ.97765 (B)
Trapmine: malicious.high.ml.score
Ikarus: Trojan.Win32.Crypt
Google: Detected
Antiy-AVL: Trojan/Win32.Kryptik
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: VHO:Backdoor.Win32.Convagent.gen
GData: Win32.Trojan.PSE.X53J5T
MAX: malware (ai score=87)
Cylance: unsafe
Rising: Backdoor.Convagent!8.123DC (TFE:5:DhjyLCrCMdK)
Fortinet: W32/Kryptik.HSEV!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen

How to remove Win32/Kryptik.HSXU?

Win32/Kryptik.HSXU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart the computer.

Because the payload identified in this sample is RedLine, an information stealer, removal is not the end of the response: assume that browser-saved passwords, session cookies and any cryptocurrency-wallet files on the machine were already exfiltrated, and change those credentials and invalidate active sessions from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
