Categories: Malware

Win32/Kryptik.VSU removal guide

The Win32/Kryptik.VSU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Kryptik.VSU virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial binary language: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
A scripting utility was executed

How to determine Win32/Kryptik.VSU?


File Info:
name: FDA9162B93B4D91D95CE.mlwpath: /opt/CAPEv2/storage/binaries/573c58ff3a979c664d2e4d54fe0701b8f7caf789e7804c4958c392c0421e0c9ecrc32: 704B5664md5: fda9162b93b4d91d95ce60255b0ffa4esha1: c188e8074b1e8bdd2c2f5c534521a17dad0694dbsha256: 573c58ff3a979c664d2e4d54fe0701b8f7caf789e7804c4958c392c0421e0c9esha512: bb82f883fdff32cf468672acfef71ffdd49e3eabe2057e58e83b1eab7bb331b28f782ea981ed03742078500fc0dcd02d4c5154f45cb77f5275364f9291f3e79bssdeep: 768:WhStwnonTjWlVw4kbDU2yErc9a77Qk/d6I:QonW9kbDB9Qk/YItype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T176C2D18DD35A0A47F64B0C77CAA94A07C268F8508F6D5F089F90198FEC1C3479FA575Asha3_384: 83bcb47606a1ae2fd35dd88e6a06ed004b8d9aee2d91d380dc8f877ade88fd15f6439a7abbb6bb8f78f93c57f88ea5f7ep_bytes: 60be001041008dbe0000ffff57eb0bfatimestamp: 2004-10-24 13:02:58
Version Info:
CompanyName: Корпорация МайкрософтFileDescription: Диспетчер синхронизацииFileVersion: 5.1.2600.5512 (xpsp.080413-2108)InternalName: mobsync.exeLegalCopyright: © Корпорация Майкрософт. Все права защищены.OriginalFilename: mobsync.exeProductName: Диспетчер синхронизацииProductVersion: 5.1.2600.5512Translation: 0x0419 0x04b0

Win32/Kryptik.VSU also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Qhost.4!c
tehtris	Generic.Malware
DrWeb	Trojan.Packed.22288
MicroWorld-eScan	Gen:Variant.Barys.135
FireEye	Generic.mg.fda9162b93b4d91d
McAfee	Generic BackDoor.wz
Cylance	Unsafe
VIPRE	Gen:Variant.Barys.135
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0055dd191 )
Alibaba	Trojan:Win32/Qhost.d4e1f45f
K7GW	Trojan ( 0055dd191 )
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	Gen:NN.ZexaF.34698.bmKfayAw8Fdi
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/Kryptik.VSU
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002C0CJ322
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Barys.135
NANO-Antivirus	Trojan.Win32.Qhost.ipfij
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Trojan.Crypt.Xwhl
Ad-Aware	Gen:Variant.Barys.135
Sophos	ML/PE-A + Mal/Zbot-EZ
Comodo	Malware@#2aerxkb95p252
Zillya	Trojan.Qhost.Win32.8983
TrendMicro	TROJ_GEN.R002C0CJ322
McAfee-GW-Edition	Generic BackDoor.wz
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Barys.135 (B)
SentinelOne	Static AI – Suspicious PE
Webroot	Trojan.Dropper.Gen
Google	Detected
Avira	TR/Crypt.ULPM.Gen
MAX	malware (ai score=100)
Kingsoft	Win32.Troj.Qhost.(kcloud)
Microsoft	Trojan:Win32/Qhost
GData	Gen:Variant.Barys.135
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Remex.R20095
VBA32	Trojan.Qhost
ALYac	Gen:Variant.Barys.135
Malwarebytes	Trojan.FakeMS.ED
Rising	Trojan.Qhost!8.1B0 (CLOUD)
Yandex	Trojan.Qhost!N6aU33dPU+I
Ikarus	Trojan-Downloader.Win32.Dofoil
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Yakes.B!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.b93b4d
Panda	Trj/Genetic.gen