Win32:Kryptik-PLE [Trj] removal

Win32:Kryptik-PLE [Trj] is the name Avast and AVG give to the sample analysed below; most other engines classify the same file as a packed trojan or trojan dropper (see the detection list further down). While it is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with an up-to-date anti-malware product such as GridinSoft Anti-Malware, and confirm any suspect file against the hashes listed below rather than by its file name or description.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Win32:Kryptik-PLE [Trj] do?

The following CAPE sandbox signatures fired on the sample described in the File Info section below:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects information to fingerprint the system

How to identify Win32:Kryptik-PLE [Trj]?

File Info:

name: 279D12E1B7F50B837AC5.mlw
path: /opt/CAPEv2/storage/binaries/ef0254daad1bffe94fd31417b331e66bedd38f44e76b6a617f4e776a2f3682bc
crc32: 37004FC3
md5: 279d12e1b7f50b837ac5a15d830308a6
sha1: 0a2b6f37260f748ff8bb00801647aec7e877c533
sha256: ef0254daad1bffe94fd31417b331e66bedd38f44e76b6a617f4e776a2f3682bc
sha512: a3534c7f27d654c3cbc2686ebce2e384885f754e0d91c89b16ca5cf10828d0189ebe24814594029ef0d329cd978b31ad83f0ac187bab8b8957becab5eb014499
ssdeep: 6144:xutWhBTQ+pUU1GiASLdqCtU4eq2M77SbGqJO:sWhBsrdhSBlDe5M77S+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DE64ACC42903868AC8A0F976A161BFF8071F5F1249B73722B34C7B76A5BA2D31793745
sha3_384: 4d0997b61a13b3b6c620e9b8fe52ef032f262067b1d129ae4dee556991ca3e1dbbdb392202e58208a653f9f0ac4266ad
ep_bytes: 558bec83ec2856e804feffff05151605
timestamp: 2013-07-19 04:11:02
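The indicator list and the File Info table above are produced by the CAPE sandbox. As an added example (not CAPE's or GridinSoft's code), the Python script below reproduces the static side of that output for any PE32 file: it computes the hashes in the same formats as the table, parses the headers for the compile timestamp, entry-point bytes (ep_bytes), section names (a name no mainstream linker emits is the "unknown PE section name" indicator), the size of any data appended after the last section (the "Overlay data" indicator) and whether a certificate table is attached, and compares the hashes with the page's values so you can confirm an on-disk file is this sample before acting on the rest of the page. The list of common section names and the KNOWN hash table are assumptions of the example; the embedded sample PE is constructed for the demonstration and is not the real binary.

```python
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Hashes copied from the File Info table on the page; used to confirm a file
# on disk is the same sample before trusting the page's findings about it.
KNOWN = {
    "md5": "279d12e1b7f50b837ac5a15d830308a6",
    "sha1": "0a2b6f37260f748ff8bb00801647aec7e877c533",
    "sha256": "ef0254daad1bffe94fd31417b331e66bedd38f44e76b6a617f4e776a2f3682bc",
}

# Section names mainstream linkers emit. Anything else is only *suspicious*
# (assumption: a triage heuristic, not a verdict; packers rename sections,
# but so do some legitimate protectors).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".tls", ".bss", ".pdata", ".CRT", "CODE", "DATA", "BSS"}


def digests(data: bytes) -> dict:
    """Hashes in the formats the File Info table uses (crc32 as upper-case hex)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_known(d: dict) -> list:
    """Names of the page's hashes that the computed digests reproduce."""
    return [k for k, v in KNOWN.items() if d.get(k) == v]


def triage_pe(data: bytes) -> dict:
    """Parse just enough of the PE32 headers to derive the static indicators."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)                  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = pe + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    # Data directory 4 is the certificate table. A non-zero size only means an
    # Authenticode blob is attached; whether it is *valid* needs full signature
    # and chain verification, which this example does not attempt.
    _, cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)

    sections, end_of_sections = [], 0
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize, rawptr))
        end_of_sections = max(end_of_sections, rawptr + rawsize)

    ep_bytes = b""
    for _, vaddr, vsize, rawsize, rawptr in sections:
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)                  # RVA -> file offset
            ep_bytes = data[off:off + 16]                       # the "ep_bytes" field

    return {
        "machine": "i386" if machine == 0x14C else "0x%x" % machine,
        "subsystem": {2: "GUI", 3: "console"}.get(subsystem, str(subsystem)),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in COMMON_SECTIONS],
        "overlay_bytes": max(0, len(data) - end_of_sections),    # "contains Overlay data"
        "has_certificate_table": cert_size != 0,
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 (not the real sample) that exercises every field:
    the page's timestamp and ep_bytes, one oddly named section and a 64-byte overlay."""
    ep = bytes.fromhex("558bec83ec2856e804feffff05151605")      # push ebp; mov ebp,esp; ...
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 1374207062, 0, 0, 224, 0x102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)
    struct.pack_into("<I", hdr, opt + 16, 0x1000)                # entry RVA inside .text
    struct.pack_into("<H", hdr, opt + 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sec = opt + 224
    struct.pack_into("<8sIIII", hdr, sec, b".text", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", hdr, sec + 40, b"jqxw", 0x100, 0x2000, 0x200, 0x400)
    return bytes(hdr) + ep.ljust(0x200, b"\0") + bytes(0x200) + b"\0" * 64


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    d = digests(blob)
    print("hashes matching the page:", matches_known(d) or "none")
    for k, v in {**d, **triage_pe(blob)}.items():
        print("%-22s %s" % (k + ":", v))
```

Run it with a file path to triage that file; with no argument it triages the built-in constructed PE. Note that has_certificate_table only tells you a signature blob is attached: reproducing the page's "Authenticode signature is invalid" verdict requires verifying the signature and its chain (for example with signtool on Windows or osslsigncode elsewhere), and ssdeep and TLSH need their own libraries, so both are left out here.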

Version Info:

CompanyName: Hilgraeve, Inc.
FileDescription: HyperTerminal Applet
FileVersion: 5.1.2600.0
Translation: 0x0409 0x0000

The version resource claims to be the HyperTerminal applet that Hilgraeve, Inc. supplied with Windows (5.1.2600 is the Windows XP build number) and declares US English (0x0409) as its language, yet the sandbox found Spanish-language resources and an invalid Authenticode signature. Version metadata is trivially forged; identify the file by the hashes above, not by its description.

Win32:Kryptik-PLE [Trj] also known as (engine: detection name for the same sample):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lJXE
Elastic: malicious (high confidence)
DrWeb: Trojan.Mods.2
MicroWorld-eScan: Gen:Heur.Japik.6
FireEye: Generic.mg.279d12e1b7f50b83
CAT-QuickHeal: TrojanPWS.Zbot.Y
McAfee: Packed-AM!279D12E1B7F5
Cylance: Unsafe
VIPRE: Gen:Heur.Japik.6
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005110401 )
K7GW: Trojan ( 005110401 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34592.tK1@aeyOtAIi
VirIT: Trojan.Win32.Crypt2.XPT
Cyren: W32/S-64cfdcec!Eldorado
Symantec: Packed.Generic.459
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDropper.Gepys.AA
APEX: Malicious
ClamAV: Win.Trojan.Agent-1377902
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Japik.6
NANO-Antivirus: Trojan.Win32.Mods.cqkhah
SUPERAntiSpyware: Trojan.Agent/Gen-ShipUp
Avast: Win32:Kryptik-PLE [Trj]
Tencent: Malware.Win32.Gencirc.10b572ae
Ad-Aware: Gen:Heur.Japik.6
Emsisoft: Gen:Heur.Japik.6 (B)
Comodo: TrojWare.Win32.Kryptik.BFIV@5013ii
Baidu: Win32.Trojan.Kryptik.as
Zillya: Dropper.Gepys.Win32.125
TrendMicro: TROJ_SPNR.15HD13
McAfee-GW-Edition: BehavesLike.Win32.ZeroAccess.fh
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Zbot-MX
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE1.6Q6GH9
Jiangmin: Trojan/Generic.bdpba
Webroot: W32.Heuristic.Dkvt
Google: Detected
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.217
Arcabit: Trojan.Japik.6
Microsoft: Trojan:Win32/Emotet.KDS!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Shipup.R73526
VBA32: Trojan.MSA.22707
ALYac: Gen:Heur.Japik.6
Malwarebytes: Trojan.FakeMS.INC
TrendMicro-HouseCall: TROJ_SPNR.15HD13
Rising: Trojan.Kryptik!1.AB59 (CLASSIC)
Yandex: Trojan.GenAsa!KKkP/vc3Mb8
Ikarus: Trojan.Win32.Reveton
MaxSecure: Trojan.ShipUp.gen
Fortinet: W32/Lockscreen.LOA!tr
AVG: Win32:Kryptik-PLE [Trj]
Cybereason: malicious.1b7f50
Panda: Trj/Genetic.gen

How to remove Win32:Kryptik-PLE [Trj]?

Win32:Kryptik-PLE [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items (quarantine rather than delete, so the file's hashes can still be checked against those listed above).
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options to reset, then click "Reset".
  • Restart the computer and run a second scan to confirm nothing was restored.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.