Malware

About “Win32:Kryptik-AZJ [Trj]” infection

Malware Removal

The Win32:Kryptik-AZJ [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:Kryptik-AZJ [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • The sample wrote data to the system hosts file.
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Win32:Kryptik-AZJ [Trj]?



File Info:

name: E99BE4C0CDF17B335C4E.mlw
path: /opt/CAPEv2/storage/binaries/b11ca8576bbce98608924c84e4d3892d2450babc069b96f14de775033e3bc009
crc32: C350CDB0
md5: e99be4c0cdf17b335c4e43ad8c92eada
sha1: bd344009692111a90018a97e95585e6346932cb1
sha256: b11ca8576bbce98608924c84e4d3892d2450babc069b96f14de775033e3bc009
sha512: e2b33c601d63b21e5137eaf06ba3e974396c1e7c71f7b6116d39c5467764b1ec6a1d3abfe879251dec2f52daf51dcc3573998fe005546682b7aa0d3dc9765292
ssdeep: 6144:X7ZSRCVrwYJ7PEduK+fvrZZxoKGpPBEbbe1fHFFYmd6ra3tOF9OnChwvtb:X7wi0E7PFK+Ltxs56IFimdlETwvtb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FD74F0907FA1C472C2576974CE49C26BA9207FB568F0985773D20F9B3936852CA3363B
sha3_384: 1d3657a639e29d21a9602a0d5145ae1963672c6c9584b20bf05b77d14b7f823b972514e3620a3e5a355c302632c6747e
ep_bytes: 558bec6aff68e810450068acd9440064
timestamp: 2001-08-01 22:54:42


Version Info:

CompanyName: Ilxdhlunh Yycvbcxpyhm
FileDescription: Jqbblwvdb ODBC Desktop Driver Pack 3.5
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: odbcji32.dll
LegalCopyright: © Ddpjkricr Rmczqqqdhzs. All rights reserved.
OriginalFilename: odbcji32.dll
ProductName: Microsoft® Rntordq® Tnwrptaup Gquqmn
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Win32:Kryptik-AZJ [Trj] also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Monder.lic2
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zbot.34
ClamAVWin.Trojan.Pirminay-664
ALYacGen:Variant.Zbot.34
CylanceUnsafe
ZillyaTrojan.Pirminay.Win32.651
SangforSuspicious.Win32.Save.ins
AlibabaTrojan:Win32/Starter.ali2000005
Cybereasonmalicious.0cdf17
VirITTrojan.Win32.Generic.BFFY
ESET-NOD32a variant of Win32/Ponmocup.GA
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zbot.34
NANO-AntivirusTrojan.Win32.Crypted.kfpqp
AvastWin32:Kryptik-AZJ [Trj]
TencentWin32.Trojan.Generic.Zolw
Ad-AwareGen:Variant.Zbot.34
TACHYONTrojan/W32.Pirminay.345629
EmsisoftGen:Variant.Zbot.34 (B)
ComodoMalware@#202gc2hjyn69m
F-SecureTrojan.TR/Dropper.Gen
DrWebTrojan.DownLoader5.52436
VIPREGen:Variant.Zbot.34
McAfee-GW-EditionGeneric Malware.ms
FireEyeGeneric.mg.e99be4c0cdf17b33
SophosML/PE-A + Mal/Ponmocup-A
IkarusTrojan.Win32.Pirminay
GDataGen:Variant.Zbot.34
JiangminTrojan/Pirminay.ou
WebrootW32.Trojan.Gen
AviraTR/Dropper.Gen
Antiy-AVLTrojan/Win32.Pirminay
KingsoftWin32.Troj.Pirminay.av.(kcloud)
ArcabitTrojan.Zbot.34
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftTrojanDownloader:Win32/Ponmocup.A
GoogleDetected
McAfeeGeneric Malware.ms
VBA32BScope.TrojanDownloader.Ponmocup
RisingMalware.Undefined!8.C (TFE:5:nTKfClGh9NS)
YandexTrojan.Kryptik!L2AlFtsnFBU
SentinelOneStatic AI – Suspicious PE
MaxSecureTrojan.Malware.1912437.susgen
FortinetW32/Kryptik.ANL!tr
BitDefenderThetaGen:NN.ZexaF.34698.vq1@aSrt2Pfi
AVGWin32:Kryptik-AZJ [Trj]
PandaGeneric Malware
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32:Kryptik-AZJ [Trj]?

Win32:Kryptik-AZJ [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment