Win32/Kryptik_AGen.AMZ information

Malware Removal

Win32/Kryptik_AGen.AMZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik_AGen.AMZ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Tswana
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • CAPE detected the STOP malware family
  • Attempts to modify proxy settings
  • Creates a known STOP-Djvu ransomware decryption instruction / key file.
  • Creates a known STOP ransomware variant mutex
  • STOP ransomware command line behavior detected
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Kryptik_AGen.AMZ?

File Info:

name: 2A48D7BCFE5050C4A835.mlw
path: /opt/CAPEv2/storage/binaries/c80b191090165867fd40fc3980d513c3dbbe964a4772b5ee408f19be81827d33
crc32: 56878306
md5: 2a48d7bcfe5050c4a83525bc4b5c455f
sha1: e7cfdbca29274455e44465f270d209ae7fcb517c
sha256: c80b191090165867fd40fc3980d513c3dbbe964a4772b5ee408f19be81827d33
sha512: e9408dc114bb829778024798b5b22e5e543b008a30c3a6eda269ddba72a01d1a900aaea07019d47e2cf9b71cb9dbc0105a1f379df6733691602b18d80e2a162c
ssdeep: 12288:9i1LkK/LeezA9xPvTvLagNdhLbMEN+ttO1E5lY46kGyS5:g14K/ydjP7jbNdpI6mO1mK46XN5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A00522633BB2C0B6D45261B00234FB610ABEFA7174A1C4973764666B2F74EE0D93935B
sha3_384: 9a54e5a920e9682628e9f13e40a8253682c40ebfc00cb23426f668d0244f36d991991ade7c83ba1b371848c727a7e6df
ep_bytes: e8866c0000e978feffff8bff558bec8b
timestamp: 2022-01-10 09:35:47

Version Info:

FileVersions: 27.19.34.23
InternationalName: povgwaoci.iwe
Copyright: Copyright (C) 2022, somoklos
ProjectsVersion: 82.31.11.78

Win32/Kryptik_AGen.AMZ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Kryptik.HUW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik_AGen.AMZ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan.Win32.Convagent.gen
Avast: Win32:PWSX-gen [Trj]
Sophos: ML/PE-A + Troj/Krypt-RQ
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.bc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.2a48d7bcfe5050c4
SentinelOne: Static AI – Suspicious PE
ZoneAlarm: VHO:Trojan.Win32.Convagent.gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Google: Detected
Acronis: suspicious
VBA32: BScope.TrojanDownloader.Ajent
Rising: Trojan.Generic@AI.100 (RDML:g611AJOA5z8PP6fXDPIpYw)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.ETEM!tr
AVG: Win32:PWSX-gen [Trj]

How to remove Win32/Kryptik_AGen.AMZ?

Win32/Kryptik_AGen.AMZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.