Win32/Kryptik.QLA (file analysis)

Win32/Kryptik.QLA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.QLA virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32/Kryptik.QLA?

File Info:

name: EB120E9A39F723E2358C.mlw
path: /opt/CAPEv2/storage/binaries/532b00822f6093c8d6a7a0ea51d63718163dd304305e1ab67f8a43d04e879386
crc32: 6AC720E1
md5: eb120e9a39f723e2358c1de77424ef0d
sha1: 6e7f0ef43603c5dc01a53b0fc7cdd91b89b5dafe
sha256: 532b00822f6093c8d6a7a0ea51d63718163dd304305e1ab67f8a43d04e879386
sha512: d4b735e6d93689c13370bec9c314566bf3c973748fa01f0f66630776adc52bc87895c7943e45e10ff55a1e401cc5938fe8b19cbdc7bdeeef56c7fa67c2af24d6
ssdeep: 6144:4Ri3oUY78z1bOy/xGELeBksi5f61FZroTcrQr:4Q3Y8zBgieBkl58FasQr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171342391F484BDF5CA1AD2F5D345E843E0C84660F46156CEBA8E91F91AF24253B8EF28
sha3_384: 1a14a994e33499e1cad59cd5de9e7a4b944eb3a8a20a892d1231db390ce424716f7d53c926b51e2449418dfa517ed93b
ep_bytes: 60be008043008dbe0090fcff57eb0b90
timestamp: 2004-03-08 13:47:48

Version Info:

CompanyName: Sheer Moan
FileDescription: Check Cogent Sub
FileVersion: 98.52.75.94
InternalName: Chute
LegalCopyright: Copyright © Servo Coils 2001-2010
OriginalFilename: Inlay.exe
ProductName: Dais
ProductVersion: 98.52.75.94
Translation: 0x0409 0x04b0

Win32/Kryptik.QLA also known as:

Lionic: Trojan.Win32.Jorik.ljaD
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.664
FireEye: Generic.mg.eb120e9a39f723e2
ALYac: Gen:Variant.Barys.664
Zillya: Trojan.Fullscreen.Win32.77
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: Ransom:Win32/Obfuscator.7b31f4bf
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.a39f72
BitDefenderTheta: AI:Packer.6FEFA4BB1F
VirIT: Trojan.Win32.Winlock.EYF
Cyren: W32/Zbot.DA.gen!Eldorado
Symantec: Trojan.Gen
ESET-NOD32: a variant of Win32/Kryptik.QLA
TrendMicro-HouseCall: Ransom_Weenloc.R002C0DB922
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.664
NANO-Antivirus: Trojan.Win32.Fullscreen.gfjld
APEX: Malicious
Tencent: Win32.Trojan.Fullscreen.Ajuw
Ad-Aware: Gen:Variant.Barys.664
Sophos: Mal/Generic-R + Mal/EncPk-AAG
Comodo: TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
DrWeb: Trojan.Winlock.3333
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_Weenloc.R002C0DB922
McAfee-GW-Edition: BehavesLike.Win32.Trojan.dc
Emsisoft: Gen:Variant.Barys.664 (B)
Ikarus: Trojan-Ransom.Fullscreen
Jiangmin: Trojan/Fullscreen.bt
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.A66E84
Gridinsoft: Ransom.Win32.Zbot.sa
Microsoft: Ransom:Win32/Weenloc.A
GData: Gen:Variant.Barys.664
Cynet: Malicious (score: 100)
McAfee: Artemis!EB120E9A39F7
VBA32: Trojan.Zeus.EA.0999
Rising: Ransom.Weenloc!8.519 (CLOUD)
Yandex: Trojan.Fullscreen!YwzYs0nVEUY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Injector.HVQ!tr
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.QLA?

Win32/Kryptik.QLA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.