Should I remove “Win32:Crypto-V [Trj]”?

Win32:Crypto-V [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:Crypto-V [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Catalan
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • CAPE detected the Ramnit malware family

How to identify Win32:Crypto-V [Trj]?

File Info:

name: 3CBE301F8B301DF906DB.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2000-01-23 06:59:58

Version Info:

CompanyName: Macromedia, Inc.
FileDescription: Macromedia Flash Player 7.0 r19
FileVersion: 7,0,19,0
InternalName: Macromedia Flash Player 7.0
LegalCopyright: Copyright © 1996-2003 Macromedia, Inc.
LegalTrademarks: Macromedia Flash Player
OriginalFilename: SAFlashPlayer.exe
ProductName: Shockwave Flash
ProductVersion: 7,0,19,0
Translation: 0x0409 0x04b0

Win32:Crypto-V [Trj] also known as:

  • Bkav: W32.FamVT.DisbukCI.Trojan
  • Lionic: Trojan.Win32.Generic.lIHt
  • DrWeb: Trojan.Siggen2.9448
  • MicroWorld-eScan: Win32.Virtob.Gen.12
  • FireEye: Generic.mg.3cbe301f8b301df9
  • CAT-QuickHeal: W32.Virut.G
  • Cylance: Unsafe
  • VIPRE: Win32.Virtob.Gen.12
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Virus ( f10002001 )
  • K7GW: Virus ( f10002001 )
  • Cybereason: malicious.f8b301
  • BitDefenderTheta: AI:FileInfector.C9457D4313
  • VirIT: Win32.Scribble.GenQ
  • Cyren: W32/Ramnit.F.gen!Eldorado
  • Symantec: Packed.Protexor!gen1
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Ramnit.AU.Gen
  • TrendMicro-HouseCall: WORM_PALEVO.SMGD
  • ClamAV: Win.Virus.Virut-6804273-0
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Win32.Virtob.Gen.12
  • NANO-Antivirus: Trojan.Win32.Ramnit.bbgdmp
  • SUPERAntiSpyware: Trojan.Agent/Gen-Ramnit
  • Avast: Win32:Crypto-V [Trj]
  • Tencent: Trojan.Win32.Koobface.udb
  • Ad-Aware: Win32.Virtob.Gen.12
  • Sophos: ML/PE-A + Mal/Ramnit-ZZ
  • Comodo: TrojWare.Win32.Kryptik.ILZ@39m3x2
  • Baidu: Win32.Trojan.Nimnul.a
  • Zillya: Trojan.Kryptik.Win32.89109
  • TrendMicro: WORM_PALEVO.SMGD
  • McAfee-GW-Edition: BehavesLike.Win32.Pate.ct
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Win32.Virtob.Gen.12 (B)
  • SentinelOne: Static AI – Malicious PE
  • GData: Win32.Virtob.Gen.12
  • Jiangmin: Packed.Krap.dljx
  • Webroot: W32.Trojan.Krap.Gen
  • Avira: TR/Crypt.XPACK.Gen
  • MAX: malware (ai score=80)
  • Arcabit: Win32.Virtob.Gen.12
  • ViRobot: Worm.Win32.A.Net-Koobface.126464
  • Microsoft: Trojan:Win32/Ramnit
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Krap.R20076
  • McAfee: PWS-Zbot.gen.di
  • TACHYON: Trojan/W32.Krap.129536.BK
  • VBA32: Malware-Cryptor.Win32.General.4
  • Malwarebytes: Nimnul.Virus.FileInfector.DDS
  • APEX: Malicious
  • Rising: Win32.Ramnit.m (CLASSIC)
  • Yandex: Trojan.GenAsa!MLownxgq9A8
  • Ikarus: Virus.Win32.Ramnit
  • MaxSecure: Packed.Krap.ar
  • Fortinet: W32/CoinMiner.F
  • AVG: Win32:Crypto-V [Trj]
  • Panda: Trj/Pck_Pretorx.A
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32:Crypto-V [Trj]?

Win32:Crypto-V [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.