
About “Win32:AceCrypter-T [Cryp]” infection


Win32:AceCrypter-T [Cryp] is flagged as malicious by most antivirus vendors (see the detection names below). While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and can damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Win32:AceCrypter-T [Cryp] do?

Behaviours recorded by the CAPE sandbox for this sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Manipuri
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify Win32:AceCrypter-T [Cryp]?

The identifiers below come from the CAPE sandbox report for one sample and can be used to match a suspect file.
File Info:

name: 992F8CB33A49973721AD.mlw
path: /opt/CAPEv2/storage/binaries/b25ec1636685319ed290424eca3726d53098da775ab34164ec92f27f2d638007
crc32: 09D0A8C4
md5: 992f8cb33a49973721ad40e63e8203b4
sha1: 175c7662806f86798d4cee1b186181f459968a25
sha256: b25ec1636685319ed290424eca3726d53098da775ab34164ec92f27f2d638007
sha512: 91abaab7ddb85ccbae897560d0652cb1f1cd1423a541a3ad4ae17307f8af05b7b10b2a100a115d79dbfab14f7db75c95d6fe9adb1d4293556419eca02b2833b3
ssdeep: 6144:xyiEIWZGuMBXlaLklL7SQugNp3c1jV0Q7ITsq7iga:xyilWZ8XlaLpvgNpDQ79
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12594E0C232929871D0552E31A825CBF11A7F7870E630A417F778AB2F2FB53D199B1B85
sha3_384: 3705c30676d2eac15f45633a1e992e11e5422f1c97fb0f7421bfd9fd1056d09e645fc734c7e56963f2637b486ee5a758
ep_bytes: e87d4a0000e989feffff8bff558bec68
timestamp: 2021-10-08 02:10:15

Version Info:

FileVersion: 39.42.11.19
Copyrighz: Copyright (C) 2022, pazkarte
ProjectVersion: 25.13.80.11

(The misspelled key name and a copyright year later than the 2021-10-08 compile timestamp above are typical of the forged version resources that crypters attach; treat them as indicators, not as metadata.)
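The File Info fields above can be re-derived from a suspect file before it is uploaded anywhere. The following Python is an added example, not code from the original page or from CAPE: it hashes the file, walks the PE headers by hand (no pefile dependency) to recover the compile timestamp, entry-point bytes and whether an Authenticode (security) directory is attached, and compares the result with the report's values. The REPORT_* constants are copied from the report; build_synthetic_pe() produces a constructed one-section PE32 whose timestamp and entry-point bytes are set to the report's values so the code runs offline (the real sample is not included, which is why its hashes will not match).

```python
"""Static triage of a PE32 file against the CAPE File Info block above.

Added example (not from the page or from CAPE). Parses the PE headers
manually and compares hashes, compile timestamp and entry-point bytes
with the report's values.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report's File Info block.
REPORT_HASHES = {
    "md5": "992f8cb33a49973721ad40e63e8203b4",
    "sha1": "175c7662806f86798d4cee1b186181f459968a25",
    "sha256": "b25ec1636685319ed290424eca3726d53098da775ab34164ec92f27f2d638007",
}
REPORT_EP_BYTES = "e87d4a0000e989feffff8bff558bec68"
REPORT_TIMESTAMP = "2021-10-08 02:10:15"   # UTC, == epoch 1633659015

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode blob directory


def compute_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map an RVA to a file offset via the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_pe(data: bytes) -> dict:
    """Return the header fields the report lists (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    nr_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_va = sec_size = 0
    if nr_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_va, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    ep_off = rva_to_offset(entry_rva, sections)
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        # Presence only; validity needs a real Authenticode verifier.
        "has_security_directory": sec_va != 0 and sec_size != 0,
        "sections": sections,
    }


def check_against_report(data: bytes) -> dict:
    hashes, pe = compute_hashes(data), parse_pe(data)
    return {
        "hash_match": {k: hashes[k] == v for k, v in REPORT_HASHES.items()},
        "ep_bytes_match": pe["ep_bytes"] == REPORT_EP_BYTES,
        "timestamp_match": pe["timestamp_utc"] == REPORT_TIMESTAMP,
        "has_security_directory": pe["has_security_directory"],
    }


def build_synthetic_pe(timestamp=1633659015, ep_bytes=bytes.fromhex(REPORT_EP_BYTES)) -> bytes:
    """Constructed one-section PE32 (demo input only), entry point at RVA 0x1000."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # Section/File alignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                # SizeOfImage/Headers
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes (all zero)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    headers += b"\0" * (0x200 - len(headers))
    return headers + ep_bytes + b"\0" * (0x200 - len(ep_bytes))


if __name__ == "__main__":
    print(check_against_report(build_synthetic_pe()))
```

Run it against a real file with `check_against_report(open(path, "rb").read())`. The security-directory field only says whether a signature blob is attached; whether it verifies (the report says it does not) needs a proper Authenticode verifier such as osslsigncode or signtool, and the ssdeep and tlsh values need their own libraries.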

Win32:AceCrypter-T [Cryp] is also known as:

The Avast/AVG name identifies the packer (crypter), not the payload. Most other vendors below classify the payload as STOP ransomware (StopCrypt), while the CAPE signature above names RedLine, so the family attribution should be confirmed from the sandbox's extracted configuration rather than from any single detection name.

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Strab.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48818410
CAT-QuickHeal: Ransom.Stop.P5
ALYac: Trojan.GenericKD.48818410
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00591e391 )
Alibaba: Ransom:Win32/StopCrypt.a824ae03
K7GW: Trojan ( 00590aac1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Filecoder.DG.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HPCT
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Strab.gen
BitDefender: Trojan.GenericKD.48818410
NANO-Antivirus: Trojan.Win32.Kryptik.jnxafo
Avast: Win32:AceCrypter-T [Cryp]
Tencent: Trojan-Spy.Win32.Stealer.16000356
Ad-Aware: Trojan.GenericKD.48818410
Sophos: Mal/Generic-S + Troj/Krypt-IR
Comodo: Malware@#3fx9kpw5wy8yi
DrWeb: Trojan.Siggen17.35203
Zillya: Trojan.Kryptik.Win32.3737554
TrendMicro: Ransom_StopCrypt.R002C0DD922
McAfee-GW-Edition: Packed-GDT!992F8CB33A49
FireEye: Generic.mg.992f8cb33a499737
Emsisoft: Trojan.GenericKD.48818410 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.14VDVPW
Jiangmin: Trojan.Strab.aob
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Kryptik
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Generic.D2E8E8EA
ZoneAlarm: HEUR:Trojan.Win32.Strab.gen
Microsoft: Ransom:Win32/StopCrypt.PBF!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R482634
Acronis: suspicious
McAfee: Packed-GDT!992F8CB33A49
TACHYON: Trojan/W32.Strab.420352.B
VBA32: BScope.Malware-Cryptor.Hlux
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DD922
Rising: Trojan.Kryptik!1.D977 (CLOUD)
Ikarus: Trojan-Ransom.StopCrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HPCT!tr
AVG: Win32:AceCrypter-T [Cryp]
Panda: Trj/GdSda.A

How to remove Win32:AceCrypter-T [Cryp]?

Win32:AceCrypter-T [Cryp] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
