Win32:Crypt-GKN [Drp] removal

Win32:Crypt-GKN [Drp] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:Crypt-GKN [Drp] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Win32:Crypt-GKN [Drp]?

File Info:

name: 36FB57527BB078B72452.mlw
path: /opt/CAPEv2/storage/binaries/f04502d67a83b9bfc120fc97dab008b6850809daadae74235504137cddeba642
crc32: 79CD7266
md5: 36fb57527bb078b724524bf7cc32c061
sha1: a3d827391a7f6a115463fc68d88b355e43d46105
sha256: f04502d67a83b9bfc120fc97dab008b6850809daadae74235504137cddeba642
sha512: 45c9ef1c1affcb3aa256e3d3ad9e1011740fee5ee5d54774b9f13abf588f142e32d57c44609ceae9833d49884740426735b2c28ffc70087b175bd5ba438c7ee4
ssdeep: 3072:dsu5wMeOy53L+/+x1LfbLlHiLtl0BpSvIIIIIIITyPqPgEZ+ZcHmzTqQxn:dsT3L+/+nbvlHizmpSvIIIIIIITGjRZj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124F3122B5028C881D4099FF6465611BF72BBF38C336DDF75BBCB55EB688190589C22B8
sha3_384: 56ee9c3271c859576d08c4c73b75cbb61ed6e72864cfa90bdf4f4bb0f2798633498d2aba70523cc5e547d9009fda5a19
ep_bytes: 6a286870204000e87402000033ff57ff
timestamp: 2007-12-28 14:11:35

Version Info:

FileDescription: Protected Application
FileVersion: 1, 0, 0, 1
ProductVersion: 1, 0, 0, 1
Comments: Is protected with Teggo MoleBox 4.2321
Translation: 0x0000 0x04b0

Win32:Crypt-GKN [Drp] also known as:

  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Variant.Refroso.2
  • FireEye: Generic.mg.36fb57527bb078b7
  • CAT-QuickHeal: VirTool.DelfInject.AF
  • ALYac: Gen:Variant.Refroso.2
  • Cylance: Unsafe
  • Zillya: Trojan.Refroso.Win32.24701
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 001788e91 )
  • Alibaba: Backdoor:Win32/Bifrose.8bc3dbec
  • K7GW: Trojan ( 001788e91 )
  • Cybereason: malicious.27bb07
  • BitDefenderTheta: AI:Packer.A9C2FC5A1E
  • Cyren: W32/VBInject.V.gen!Eldorado
  • Symantec: Backdoor.Bifrose!gen
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Packed.MoleboxUltra suspicious
  • APEX: Malicious
  • ClamAV: Win.Trojan.Agent-36155
  • Kaspersky: Backdoor.Win32.Bifrose.fxv
  • BitDefender: Gen:Variant.Refroso.2
  • NANO-Antivirus: Trojan.Win32.Dybalom.dvxne
  • Cynet: Malicious (score: 100)
  • SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
  • Avast: Win32:Crypt-GKN [Drp]
  • Tencent: Win32.Backdoor.Bifrose.Icnw
  • Ad-Aware: Gen:Variant.Refroso.2
  • Emsisoft: Gen:Variant.Refroso.2 (B)
  • Comodo: TrojWare.Win32.Refroso.ew@4l6ebo
  • DrWeb: BackDoor.Bifrost.20804
  • VIPRE: Gen:Variant.Refroso.2
  • TrendMicro: TROJ_BREDLAB.SMD
  • McAfee-GW-Edition: BehavesLike.Win32.VirRansom.cc
  • Trapmine: malicious.moderate.ml.score
  • Sophos: ML/PE-A + Mal/BigMole-B
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Generic.bjusv
  • Webroot: W32.Bifrose.Gen
  • Avira: TR/Crypt.CFI.Gen
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Generic.ASBOL.C615
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Gen:Variant.Refroso.2
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Bifrose.R1707
  • McAfee: Artemis!36FB57527BB0
  • VBA32: BScope.Trojan.Inject
  • Malwarebytes: Trojan.MalPack.Generic
  • TrendMicro-HouseCall: TROJ_BREDLAB.SMD
  • Rising: Trojan.Generic@AI.100 (RDML:JlsEJLb6uGCNlq2Ve6WjjA)
  • Yandex: Backdoor.Trenk!0zw3ZOQiYLM
  • Ikarus: Trojan.Win32.Agent
  • MaxSecure: Packed.Rebhip.a
  • Fortinet: W32/Refroso.BKBI!tr
  • AVG: Win32:Crypt-GKN [Drp]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:Crypt-GKN [Drp]?

Win32:Crypt-GKN [Drp] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.