
About “MSIL/Kryptik.AACH” infection


MSIL/Kryptik.AACH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.AACH virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

How to identify MSIL/Kryptik.AACH?

File Info:

crc32: F087A22A
md5: 97aa9a2cc76d429a294fc78aa53be558
name: 97AA9A2CC76D429A294FC78AA53BE558.mlw
sha1: d8366313f055b56f03f394785fb997defb9ab5cb
sha256: aa75348f2d473120ade2b3b4793d197fd3644e8b0d7e24b2fcc6a6a1593ad829
sha512: 159be92f99535a5f4805361b46126306f6ce8ebac0ba979fd9321832085688c24c59ab51814865f2813a26dcf82f6a4e4ac8b4a0dd70429db3a585e5be987089
ssdeep: 12288:GWVR0kuhuz0GOeDirMXb02uh1AE0YNWTmncF+xRF9:DTbAVO0L/AvqimnJ
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: 2005-2017 © Screaming Bee Inc. All rights reserved.
Assembly Version: 2.9.0.0
InternalName: Hash.exe
FileVersion: 2.9.0.0
CompanyName: Screaming Bee
LegalTrademarks:
Comments: Voice Morphing Application
ProductName: MorphVOXJr
ProductVersion: 2.9.0.0
FileDescription: MorphVOXJr
OriginalFilename: Hash.exe

MSIL/Kryptik.AACH also known as:

K7AntiVirus: Trojan ( 005796741 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PackedNET.580
Cynet: Malicious (score: 100)
ALYac: Backdoor.Remcos.A
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:Win32/Kryptik.ali2000016
K7GW: Trojan ( 005796741 )
Cybereason: malicious.3f055b
Cyren: W32/MSIL_Kryptik.DQF.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Kryptik.AACH
APEX: Malicious
Avast: Win32:RATX-gen [Trj]
Kaspersky: HEUR:Backdoor.MSIL.Remcos.gen
BitDefender: Trojan.GenericKD.36536345
MicroWorld-eScan: Trojan.GenericKD.36536345
Tencent: Msil.Backdoor.Remcos.Huzi
Ad-Aware: Trojan.GenericKD.36536345
Sophos: Mal/Generic-S
Comodo: Malware@#2e0ju6bzro42e
BitDefenderTheta: Gen:NN.ZemsilF.34628.Lm0@amypgDo
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_FRS.VSNTCJ21
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.97aa9a2cc76d429a
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: TR/AD.Remcos.amdhe
eGambit: Unsafe.AI_Score_99%
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:MSIL/AgentTesla!MTB
Arcabit: Trojan.Generic.D22D8019
GData: Trojan.GenericKD.36536345
AhnLab-V3: Malware/Win32.Generic.C4384859
McAfee: RDN/Generic.hbg
MAX: malware (ai score=86)
Malwarebytes: Spyware.TelegramBot
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_FRS.VSNTCJ21
Rising: Backdoor.Remcos!8.B89E (CLOUD)
Yandex: Trojan.AvsArher.bUaQs6
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.AACH!tr
AVG: Win32:RATX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Backdoor.Remcos.HwMAAz8A

How to remove MSIL/Kryptik.AACH?

MSIL/Kryptik.AACH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
