
Win32/Kryptik.XFZ information


Win32/Kryptik.XFZ is flagged as malicious by the large majority of the antivirus engines listed below. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.


What can Win32/Kryptik.XFZ do? (CAPE sandbox behavioural signatures)

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Kryptik.XFZ?


File Info:

name: D23F17CA5407C431FB7C.mlw
path: /opt/CAPEv2/storage/binaries/0cd785b8a530d4a37b61e9270917b222cf8118e09b0742ddbfa3284f1ec371e8
crc32: 2F22C854
md5: d23f17ca5407c431fb7ce4dacb7b71fe
sha1: 2527d77c3edf9a91483c4797b5e19d7443600613
sha256: 0cd785b8a530d4a37b61e9270917b222cf8118e09b0742ddbfa3284f1ec371e8
sha512: 6c950eb67f206759d83d1924ee9c99a17d95df4a16fc893114a57335d64d0b7a6531502335e05461c4db8042cfc9675183b248887cb19bfa5a81e25cf7995f7c
ssdeep: 3072:US4/09V+6Kn+uZe8z455elFksWRt7+dKGm:cwAdn+yePn/t7b
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T113E38D5177FA8E2AF4F76F351970A1454B7AFE22BA78935D184031070C722928E79B33
sha3_384: 0bf59fd4cb7d5ea2bfefb2d760874f79bac64ce9896761df0487451341cffd750d6f91305abbabf09b1bb6aeca1b185e
ep_bytes: 558bec6aff687c104100684402410064
timestamp: 2010-08-02 14:49:51

Version Info:

Comments:
CompanyName: Trend Micro Inc.
FileDescription: Trend Micro AntiVirus Plus AntiSpyware
FileVersion: 17.50.0.1366
InternalName: 7zsfx.exe
LegalCopyright: Copyright (C) 1995-2012 Trend Micro Incorporated. All rights reserved.
LegalTrademarks: Copyright (C) Trend Micro Inc.
OriginalFilename: 7zsfx.exe
PrivateBuild: Build 1366 - 7/29/2009
ProductName: Trend Micro Internet Security
ProductVersion: 17.50
SpecialBuild: 1366
Translation: 0x0409 0x04e4
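The hashes, entry-point bytes, packer hint and invalid-signature finding above are all things you can check statically before running anything. The script below is an added example, not GridinSoft's or CAPE's code: it hashes a file the way the File Info block does, walks the PE32 headers with the standard library only, maps AddressOfEntryPoint to a file offset to recover ep_bytes, flags section names outside a stock linker's set (CAPE's "unknown PE section name" hint) and reports whether a certificate table exists at all. The sample it runs on is a harmless PE32 skeleton built in memory (the section name "xkq9" and the layout are constructed), not the real binary, so the hash comparison is expected to report no match.

```python
"""Static triage of a PE file against the indicators on this page (added example)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "d23f17ca5407c431fb7ce4dacb7b71fe",
    "sha1": "2527d77c3edf9a91483c4797b5e19d7443600613",
    "sha256": "0cd785b8a530d4a37b61e9270917b222cf8118e09b0742ddbfa3284f1ec371e8",
}
IOC_EP_BYTES = bytes.fromhex("558bec6aff687c104100684402410064")

# Section names a stock MSVC/MinGW link emits. Anything else is a hint
# (not proof) of a packer, which is what CAPE's "unknown PE section name" means.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def compute_hashes(data):
    """Same digests as the File Info block, lowercase hex (crc32 upper, like CAPE)."""
    digests = {a: hashlib.new(a, data).hexdigest()
               for a in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    digests["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return digests


def parse_pe(data):
    """Minimal PE32 walk: COFF timestamp, entry RVA, security directory, sections."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"timestamp": timestamp, "entry_rva": entry_rva,
            "security_dir_size": sec_size, "sections": sections}


def entry_bytes(data, pe, n=16):
    """Map AddressOfEntryPoint to a file offset and read n bytes (CAPE's ep_bytes)."""
    rva = pe["entry_rva"]
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (rva - s["va"])
            return data[off:off + n]
    return b""


def triage(data):
    pe = parse_pe(data)
    hashes = compute_hashes(data)
    return {
        "hash_match": any(hashes[a] == h for a, h in IOC_HASHES.items()),
        "unknown_sections": [s["name"] for s in pe["sections"] if s["name"] not in KNOWN_SECTIONS],
        "ep_bytes_match": entry_bytes(data, pe) == IOC_EP_BYTES,
        # Size 0 means there is no certificate table at all, so nothing backs the
        # vendor strings in the version resource. A non-zero size still needs a
        # real signature check (signtool / osslsigncode), which this does not do.
        "has_authenticode": pe["security_dir_size"] != 0,
        "compile_time": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S"),
    }


def build_sample_pe():
    """Constructed PE32 skeleton for the demo (not the real sample): the page's
    ep_bytes at the entry point, one oddly named section, no certificate table."""
    opt = bytearray(224)                      # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)     # Magic
    struct.pack_into("<I", opt, 16, 0x1000)   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes; security dir stays zero
    secs = [(b".text", 0x1000, 0x200), (b"xkq9", 0x2000, 0x400)]  # name, VA, raw offset
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x200, va, 0x200, raw, 0, 0, 0, 0, 0x60000020)
                     for n, va, raw in secs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 1280760591, 0, 0, len(opt), 0x0102)
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)   # e_lfanew
    nt = b"PE\0\0" + coff + bytes(opt) + table
    hdr[0x80:0x80 + len(nt)] = nt
    text = (IOC_EP_BYTES + b"\xC3").ljust(0x200, b"\0")  # entry bytes from the page, then ret
    return bytes(hdr) + text + bytes(0x200)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:18} {value}")
```

To use it on a real file, call triage(open(path, "rb").read()) on an isolated analysis host. Note how the pieces of the page fit together: the version resource claims a Trend Micro build from 7/29/2009 with a 2012 copyright, the linker timestamp says 2010-08-02, and the certificate table is either absent or does not validate; a self-extracting 7-Zip stub (7zsfx.exe) dressed as an antivirus product is a lure, not a vendor binary.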

Win32/Kryptik.XFZ also known as (Kryptik is ESET's generic name for a packed sample; most engines attribute the file to the Rimecud worm family, which Symantec calls Pilleuz):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.lt9x
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Rimecud.12
FireEye: Generic.mg.d23f17ca5407c431
CAT-QuickHeal: Trojan.Rimecud.U
Skyhigh: W32/Rimecud.gen.db
McAfee: W32/Rimecud.gen.db
Malwarebytes: Generic.Malware/Suspicious
Zillya: Trojan.Kryptik.Win32.192345
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0040f0501 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 0040f0501 )
BitDefenderTheta: Gen:NN.ZexaF.36804.im0@aan19Idi
Symantec: W32.Pilleuz!gen30
ESET-NOD32: a variant of Win32/Kryptik.XFZ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Rimecud.12
NANO-Antivirus: Trojan.Win32.Rimecud.jiclh
SUPERAntiSpyware: Trojan.Agent/Gen-Rimecud
Avast: Win32:FoldRun-C [Trj]
Tencent: Trojan.Win32.Rimecud.aa
Emsisoft: Gen:Variant.Rimecud.12 (B)
F-Secure: Worm.WORM/Rimecud.ayna
DrWeb: Trojan.Packed.22177
VIPRE: Gen:Variant.Rimecud.12
TrendMicro: TROJ_RIMECUD.SMX
Trapmine: malicious.high.ml.score
Sophos: Troj/HkMain-CT
Ikarus: Virus.Win32.Cryptor
ALYac: Gen:Variant.Rimecud.12
Webroot: W32.Malware.Gen
Varist: W32/Rimecud.X.gen!Eldorado
Avira: WORM/Rimecud.ayna
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.HeurC.KVM007.a
Microsoft: Trojan:Win32/Rimecud.A
Xcitium: TrojWare.Win32.Rimecud.aymf@4m0ay1
Arcabit: Trojan.Rimecud.12
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Rimecud.12
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Inject.R43586
VBA32: BScope.Trojan.Packed
Google: Detected
Cylance: unsafe
Panda: Trj/Rimecud.f
TrendMicro-HouseCall: TROJ_RIMECUD.SMX
Rising: Worm.Rimecud!1.9924 (CLASSIC)
Yandex: Trojan.Kryptik!/Q2ue7+A0JI
MAX: malware (ai score=100)
Fortinet: W32/Rimecud.M!tr
AVG: Win32:FoldRun-C [Trj]
DeepInstinct: MALICIOUS
alibabacloud: RiskWare:Win/FakeAV.AZ
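Vendor names disagree on wording but usually agree on the family once generic vocabulary is stripped. The script below is an added example, not part of this page or of any vendor's tooling: it tokenizes detection names, drops a hand-picked stop-list of generic words (my choice, not a standard) and tallies one vote per vendor per remaining token, the same idea the AVClass-style labelling tools use. To keep it short it carries fifteen of the labels from the list above as its input; run it on the full list and Rimecud wins by a wider margin.

```python
"""Family consensus from antivirus detection names (added example)."""
import re
from collections import Counter

# Fifteen of the vendor labels from the list above (subset, for brevity).
SAMPLE_DETECTIONS = {
    "MicroWorld-eScan": "Gen:Variant.Rimecud.12",
    "FireEye": "Generic.mg.d23f17ca5407c431",
    "McAfee": "W32/Rimecud.gen.db",
    "Zillya": "Trojan.Kryptik.Win32.192345",
    "Symantec": "W32.Pilleuz!gen30",
    "ESET-NOD32": "a variant of Win32/Kryptik.XFZ",
    "Kaspersky": "HEUR:Trojan.Win32.Generic",
    "Avast": "Win32:FoldRun-C [Trj]",
    "DrWeb": "Trojan.Packed.22177",
    "TrendMicro": "TROJ_RIMECUD.SMX",
    "Sophos": "Troj/HkMain-CT",
    "Microsoft": "Trojan:Win32/Rimecud.A",
    "Avira": "WORM/Rimecud.ayna",
    "Cynet": "Malicious (score: 100)",
    "AVG": "Win32:FoldRun-C [Trj]",
}

# Generic type/confidence vocabulary that carries no family information.
# Hand-picked for this page; extend it as you meet new vendors' boilerplate.
GENERIC = {"trojan", "trojware", "generic", "variant", "malicious", "malware",
           "suspicious", "detected", "unsafe", "packed", "worm", "virus",
           "riskware", "agent", "score", "confidence", "classic", "high",
           "eldorado", "aidetectmalware"}


def family_tokens(label):
    """Lower-case alphabetic tokens of five or more letters, minus generic words.
    The length cut-off is a heuristic that drops platform tags (win, w32) and
    short variant suffixes (ayna, smx) without a longer stop-list."""
    return {t for t in re.split(r"[^a-z]+", label.lower())
            if len(t) >= 5 and t not in GENERIC}


def family_consensus(detections):
    """Rank candidate family names; each vendor votes at most once per token."""
    votes = Counter()
    for label in detections.values():
        votes.update(family_tokens(label))
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for family, count in family_consensus(SAMPLE_DETECTIONS):
        print(f"{count:3}  {family}")
```

The ranking puts rimecud first, with kryptik (ESET's packer label) and foldrun (Avast/AVG's own name for the same behaviour) as minor candidates; labels such as Kaspersky's HEUR:Trojan.Win32.Generic contribute nothing, which is the point of the stop-list.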

How to remove Win32/Kryptik.XFZ?

Win32/Kryptik.XFZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and the options to reset, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
