Categories: Malware

What is “Win32/Kryptik.POT”?

The Win32/Kryptik.POT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.POT virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Creates a copy of itself
Touches a file containing cookies, possibly for information gathering
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/Kryptik.POT?


File Info:
name: 648E2262B0B9F47A5E00.mlwpath: /opt/CAPEv2/storage/binaries/f72fef099f4999a27b85dc98e38b445f3849de99e8bb6759eca6c569c6f7ca7dcrc32: 9DA5E58Dmd5: 648e2262b0b9f47a5e00c974644f93adsha1: e4c182a84a55ad36b0227f5d2ef8244f901f8d71sha256: f72fef099f4999a27b85dc98e38b445f3849de99e8bb6759eca6c569c6f7ca7dsha512: 4488f9bad1b8628decee234648ac26a50fa2110a45a183a57d1d01184782b216d45b30aa36462f28d3d00189e5421b4c9d087e5658d30c755f0ed7f502796593ssdeep: 3072:RC2y+e46HcnoNar0LUddhOJmon94ykoRgRjCLW5FfB7+gVSPl8IsXEc:IYelHVNhbKfCLwBy+Q6IHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1FA0401318C25851FE6F1C978680BB1B4726D90A687443DEABFC852FD33A1A6E14DB3D0sha3_384: ef58ecb035009a7218b1fff135b9dd98f115aaac770388089ebb965a45b4c8b65aa3023a583194f0014b8bc22196f51fep_bytes: 558bec81eca40100006a006a006a006atimestamp: 2005-09-11 04:39:06
Version Info:
FileVersion: 2.0.0.3PrivateBuild: 1747ProductVersion: 2.0.0.3Translation: 0x0809 0x04b0

Win32/Kryptik.POT also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Gbot-1466
Skyhigh	BehavesLike.Win32.Generic.cc
Cylance	unsafe
VIPRE	Gen:Heur.Conjar.4
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Backdoor ( 003210941 )
BitDefender	Gen:Heur.Conjar.4
K7GW	Backdoor ( 003210941 )
Cybereason	malicious.84a55a
VirIT	Trojan.Win32.Cryptor.A
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.POT
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Bulta.37a095d8
NANO-Antivirus	Trojan.Win32.Jorik.dpnco
MicroWorld-eScan	Gen:Heur.Conjar.4
Rising	Trojan.Win32.Fednu.fna (CLASSIC)
Emsisoft	Gen:Heur.Conjar.4 (B)
F-Secure	Backdoor.BDS/Cycbot.BC
DrWeb	Trojan.DownLoader3.57545
Zillya	Backdoor.Gbot.Win32.1581
TrendMicro	BKDR_CYCBOT.SME3
FireEye	Generic.mg.648e2262b0b9f47a
Sophos	Mal/FakeAV-IS
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Repno.C@gen
Jiangmin	Backdoor/Gbot.efe
Webroot	W32.Cycbot.Gen
Google	Detected
Avira	BDS/Cycbot.BC
MAX	malware (ai score=100)
Kingsoft	Win32.Trojan.Generic.a
Xcitium	TrojWare.Win32.Kryptik.QFB@40roaa
Arcabit	Trojan.Conjar.4
SUPERAntiSpyware	Trojan.Agent/Gen-Frauder
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:Win32/Cycbot.B
Varist	W32/Goolbot.J.gen!Eldorado
AhnLab-V3	Backdoor/Win32.Gbot.R7839
McAfee	BackDoor-EXI.gen.k
TACHYON	Backdoor/W32.GBot.174080.U
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Bedep
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/Cycbot.gen
TrendMicro-HouseCall	BKDR_CYCBOT.SME3
Yandex	Trojan.Cycbot.Gen!Pac.4
Ikarus	Backdoor.Win32.Cycbot
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Kryptik.POT!tr
BitDefenderTheta	AI:Packer.3B02961514
AVG	Win32:Cybota [Trj]
Avast	Win32:Cybota [Trj]
CrowdStrike	win/malicious_confidence_100% (D)