Malware

Win32:Kryptik-AKT [Trj] removal

Malware Removal

The Win32:Kryptik-AKT [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:Kryptik-AKT [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • Likely virus infection of existing system binary
  • Attempts to identify installed analysis tools by a known file location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Anomalous binary characteristics

How to determine Win32:Kryptik-AKT [Trj]?



File Info:

name: 8E4646293CA700EE512B.mlw
path: /opt/CAPEv2/storage/binaries/b74cd6f752cefee7830838f1eac40b7d71efcc8c7fef2b375938a6974784ec17
crc32: A8561FAC
md5: 8e4646293ca700ee512b53a7f2fe265e
sha1: 0df2bdd7e6c74056a53692aef270d78229516c5f
sha256: b74cd6f752cefee7830838f1eac40b7d71efcc8c7fef2b375938a6974784ec17
sha512: 1dc4a941eee2e572e72bc7cdb79048bebbee513ac24912b48027351e6a6a173bc915ec119ccfafe98dc7ec228bb3ec202a5d64b514cb2c08cc61b6bc2c167735
ssdeep: 6144:VEPQEcsSYBLM/kzjh/Xjp8vi7s9+3DSm4:2PQmSWBXyviE+z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F71412583ABFE20BFB1F437679BA3AC205F5746BB8264141E302A44EA4647057D7373A
sha3_384: 8c0836a0e7b2389fb74a249bd56f307a5d4cbbcc1b3977329f69f40e73a842a5999ac68c1ee6a3dee0a16abeee1e5144
ep_bytes: 60be007044008dbe00a0fbff57eb0b90
timestamp: 2005-09-24 01:13:43


Version Info:

CompanyName: Ccpnckvgfl Uimunxqtd
FileDescription: Ccpnckvgfl Twwdu Wwjcxswahp
FileVersion: 87,124,13,98
InternalName: Ccpnckvgfl
LegalCopyright: Copyright © Ccpnckvgfl Uimunxqtd 2004-2010
OriginalFilename: Ccpnckvgfl.exe
ProductName: Ccpnckvgfl Twwdu Wwjcxswahp
ProductVersion: 114,31,83,98
Translation: 0x0409 0x04e4

Win32:Kryptik-AKT [Trj] also known as:

BkavW32.MosquitoQKK.Fam.Trojan
LionicTrojan.Win32.Injector.lsKC
Elasticmalicious (high confidence)
DrWebWin32.HLLW.IRCBot.10
CynetMalicious (score: 100)
FireEyeGeneric.mg.8e4646293ca700ee
CAT-QuickHealWorm.SlenfBot.Gen
ALYacGen:Heur.VIZ.2
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.1791186
SangforExploit.Win32.ShellCode.gen
K7AntiVirusTrojan ( f1000f011 )
AlibabaExploit:Win32/ShellCode.b2624c35
K7GWTrojan ( f1000f011 )
Cybereasonmalicious.93ca70
BitDefenderThetaAI:Packer.32857D8121
VirITTrojan.Win32.Generic.AAGL
CyrenW32/Zbot.CN.gen!Eldorado
SymantecW32.Qakbot!gen5
ESET-NOD32a variant of Win32/Kryptik.LDY
TrendMicro-HouseCallBKDR_QAKBOT.SMG
Paloaltogeneric.ml
ClamAVWin.Trojan.Kryptik-362
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Heur.VIZ.2
NANO-AntivirusTrojan.Win32.Menti.dgfpq
SUPERAntiSpywareTrojan.Agent/Gen-Cryptic
MicroWorld-eScanGen:Heur.VIZ.2
AvastWin32:Kryptik-AKT [Trj]
TencentWin32.Trojan.Generic.Eckk
Ad-AwareGen:Heur.VIZ.2
EmsisoftGen:Heur.VIZ.2 (B)
ComodoTrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
F-SecureTrojan.TR/Dropper.Gen
VIPRETrojan.Win32.Kryptik.lbu (v)
TrendMicroBKDR_QAKBOT.SMG
McAfee-GW-EditionW32/Pinkslipbot.gen.af
SophosMal/Generic-R + Mal/FakeAV-BW
IkarusTrojan.Win32.Menti
GDataGen:Heur.VIZ.2
JiangminTrojan/Generic.dgww
WebrootW32.Malware.Gen
AviraTR/Dropper.Gen
Antiy-AVLTrojan/Win32.Unknown
ArcabitTrojan.VIZ.2
ViRobotTrojan.Win32.A.Menti.203776[UPX]
ZoneAlarmUDS:DangerousObject.Multi.Generic
MicrosoftWorm:Win32/Slenfbot.ALJ
AhnLab-V3Trojan/Win32.Zbot.R3226
McAfeeW32/Pinkslipbot.gen.af
MAXmalware (ai score=100)
VBA32Trojan.Zeus.EA.0999
MalwarebytesMalware.Heuristic.1003
APEXMalicious
RisingExploit.ShellCode!8.2A (CLOUD)
YandexTrojan.GenAsa!PsEgaakFxfg
SentinelOneStatic AI – Malicious PE
FortinetW32/Kryptik.NAS!tr
AVGWin32:Kryptik-AKT [Trj]
PandaBck/Qbot.AO
CrowdStrikewin/malicious_confidence_70% (D)

How to remove Win32:Kryptik-AKT [Trj]?

Win32:Kryptik-AKT [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment