
Should I remove “Win32:Crypt-OSU [Trj]”?


Win32:Crypt-OSU [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:Crypt-OSU [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Removes Security and Maintenance icon from Start menu, Taskbar and notifications
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to modify user notification settings

How to identify Win32:Crypt-OSU [Trj]?

File Info:

name: 4DE3411F6DDA5FF9E039.mlw
path: /opt/CAPEv2/storage/binaries/fa7e27063e52f3f00b8d8cde3537804ac7e1d3d7c1c3a8d5cb387970ed8f659b
crc32: ED3D1F5F
md5: 4de3411f6dda5ff9e03913f58fc05324
sha1: 096d5667e4ef446bd3085ce6f1a7ef882a2ef7e2
sha256: fa7e27063e52f3f00b8d8cde3537804ac7e1d3d7c1c3a8d5cb387970ed8f659b
sha512: 71470e196e83fccb0e75b8df2f7ffe212b154501ebed449f61e22bf786ca102c9c11537e485234417cbe174d787b47f8beb898877422fe3246ee1cfb3e74db6e
ssdeep: 12288:X4Lwdk//psFei2YAb2gtCHGNE2Qy1/yjzdqBbHCE7:AXpsFj2YmomNv4qbiE7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E2A42333AF19923CE1F814B572FA933E1794D368BB9F194FC120EA9964D14D2BE01A47
sha3_384: cf8ce17c5b001151d8f36d7601a4e6f954081a6c0a95e71a050fd0c62d6d1cd3a6ea464d6175da4a8471792291a72bed
ep_bytes: 68004040005f8d35942f40006a1d59f3
timestamp: 2012-08-31 23:11:12

Version Info:

0: [No Data]

Win32:Crypt-OSU [Trj] also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lmka
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.VIZ.Gen.1
FireEye: Generic.mg.4de3411f6dda5ff9
CAT-QuickHeal: Trojan.Lethic.B
McAfee: FakeAV-SecurityTool.ft
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f2c01 )
Alibaba: VirTool:Win32/Obfuscator.2a3a263f
K7GW: Trojan ( 0040f2c01 )
Cybereason: malicious.f6dda5
BitDefenderTheta: Gen:NN.ZexaF.34582.CqW@auO15jmm
VirIT: FruadTool.Win32.Generic.AE
Cyren: W32/FakeAlert.WP.gen!Eldorado
Symantec: Packed.Generic.402
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.ARUZ
Baidu: Win32.Trojan.Kryptik.ur
TrendMicro-HouseCall: TSPY_FAREIT.SMKZ
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.VIZ.Gen.1
NANO-Antivirus: Trojan.Win32.Agent.dmfgzo
SUPERAntiSpyware: Trojan.Agent/Gen-RogueRel
Avast: Win32:Crypt-OSU [Trj]
Rising: Trojan.Generic@AI.100 (RDML:kg3uwus/WAzCDVbCMb2EKw)
Ad-Aware: Trojan.VIZ.Gen.1
Sophos: ML/PE-A + Mal/Zbot-KR
Comodo: TrojWare.Win32.Kryptik.ARQC@4t65ce
DrWeb: Trojan.Packed.23721
VIPRE: Trojan.VIZ.Gen.1
TrendMicro: TSPY_FAREIT.SMKZ
McAfee-GW-Edition: FakeAV-SecurityTool.ft
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.VIZ.Gen.1 (B)
APEX: Malicious
GData: Trojan.VIZ.Gen.1
Jiangmin: Trojan/Tepfer.Gen
Webroot: W32.Rogue.Gen
Avira: TR/FakeAV.uras.1
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.55
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Microsoft: Rogue:Win32/Winwebsec
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Tepfer.R48343
VBA32: Trojan.FakeAV.01657
ALYac: Trojan.VIZ.Gen.1
TACHYON: Trojan/W32.FakeAV.461824.U
Malwarebytes: Trojan.LameShield
Ikarus: Trojan-PSW.Win32.Tepfer
Tencent: Win32.Trojan.Fakeav.bdmx
Yandex: Trojan.GenAsa!Yi1v9o0RoFE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.X!tr
AVG: Win32:Crypt-OSU [Trj]
Panda: Trj/Tepfer.B
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:Crypt-OSU [Trj]?

Win32:Crypt-OSU [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
