HackTool.Win32.Crypt.sa

HackTool.Win32.Crypt.sa Description

HackTool.Win32.Crypt.sa is a malignant computer infection that was made to allow the attacker gain remote access to the affected computer to largely capture precious system resources and trace your Internet habits to record or steal your personal information. HackTool.Win32.Crypt.sa penetrates and installs the compromised computer without a victim's knowledge or permission when he/she opens unidentified email attachment or image, uses instant messaging, etc. HackTool.Win32.Crypt.sa is an identified security threat and has to be removed immediately upon detection.

Technical Information

File System Details

HackTool.Win32.Crypt.sa creates the following file(s):
# File Name Detection Count
1 %Temp%\IXP002.TMP\Server.exe N/A
2 %Temp%\IXP002.TMP\BRMCrypt.exe N/A
3 %Temp%\IXP001.TMP\BRMCrypt.exe N/A
4 %System%\Bifrost\server.exe N/A
5 %Temp%\IXP000.TMP\BRMCRY~1.EXE N/A
6 %System%\Bifrost\logg.dat N/A

Registry Details

HackTool.Win32.Crypt.sa creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_CURRENT_USER\Software\Bifrost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
stubpath = "%System%\Bifrost\server.exe s"