
MSIL/GenKryptik.FDXT (file analysis)


MSIL/GenKryptik.FDXT is rated as dangerous by many security vendors: most engines in the table below classify it as a trojan or backdoor, and several of them (Kaspersky, Microsoft, Alibaba, Sangfor) name it Bladabindi, the detection name widely used for the njRAT remote-access trojan. When the infection is active you may notice an unfamiliar process in Task Manager. In that case it is advised to scan the computer with GridinSoft Anti-Malware.


Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can MSIL/GenKryptik.FDXT do?

  • Executable code extraction (the sandbox recovered an unpacked or dropped executable at run time)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory (pages that are readable, writable and executable at once, typical of in-memory unpacking or code injection)
  • Sniffs keystrokes (keylogging)
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Attempts to create or modify system certificates
  • Unusual version info supplied for binary (see the random CompanyName and ProductName strings below)
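The persistence behaviours above (autorun at startup, a hidden or system file, a copy of itself) can be checked on a suspect host by dumping the Run keys and reviewing where each entry launches from. The script below is an added example written for this page, not a GridinSoft tool or code from the original article: it parses `reg query` output (the sample here is constructed to look like that output, not captured from a real infection) and flags entries that launch from user-writable directories or whose file carries the hidden or system attribute (the attribute lookup is a constructed stand-in for `attrib` on the live machine).

```python
import re

# Standard Windows per-user and machine-wide Run keys, named as `reg query` prints them.
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Directories an unprivileged user can write to: a dropped copy that "installs itself for
# autorun" usually launches from one of these rather than from Program Files or System32.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample shaped like `reg query HKCU\...\Run` output; not captured from a real infection.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Roaming\updater.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# Constructed stand-in for `attrib <path>` / GetFileAttributes on the live host (lower-cased paths).
SAMPLE_ATTRIBUTES = {
    r"c:\users\alice\appdata\roaming\updater.exe": "hidden,system",
}

# `reg query` separates value name, type and data with runs of spaces.
REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")


def parse_reg_query(text):
    """Turn `reg query` output into (key, value_name, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key headers are not indented
            key = line.strip()
            continue
        m = REG_VALUE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data")))
    return entries


def executable_path(command):
    """Return the executable from a Run-key command line, quoted or not, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0] if command else ""


def assess_autoruns(reg_output, attributes=None):
    """Return (value_name, exe_path, reasons) for every Run-key entry that deserves a closer look."""
    attributes = attributes or {}
    findings = []
    for key, name, data in parse_reg_query(reg_output):
        if key not in RUN_KEYS:
            continue
        exe = executable_path(data)
        low = exe.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("launches from a user-writable directory")
        attrs = set(attributes.get(low, "").split(","))
        if attrs & {"hidden", "system"}:
            reasons.append("file carries hidden/system attribute")
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in assess_autoruns(SAMPLE_REG_OUTPUT, SAMPLE_ATTRIBUTES):
        print(f"{name}: {exe}")
        for r in reasons:
            print(f"  - {r}")
```

The output is a review list, not a verdict: legitimate software such as OneDrive also runs from AppData, so an entry with a single reason needs a look, while one that is both in a user-writable directory and hidden is the pattern the behaviour list describes. On a real host, feed the script the actual `reg query` output and the per-file attributes, and hash anything it flags against the indicators further down the page.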

Related domains:

z.whorecord.xyz
a.tomx.xyz
dz1337.blogspot.com

How to identify MSIL/GenKryptik.FDXT?


File Info:

crc32: 6FEE208E
md5: 4cbc3bd9259a7a125255d510ebec4849
name: 4CBC3BD9259A7A125255D510EBEC4849.mlw
sha1: ddcafef7cc9c05312f2ba6c6c75b7de21939979d
sha256: 294bc2ff7d0951ba272f859f8e62cdcd7679c52ea2fbd5d5d6531a4d17576c46
sha512: 4536e6d47394f485a129b527977c5707cdace6b63e823836a451b609813d69dbddc84a4a00bf385348f85e0278612e037fd632fb93bfeb11edb28fe6d2a81cbc
ssdeep: 1536:dt0lFv8geNHUa/Mfz4kwSWwf+w2214ExN6VgGvgR:deFhS0a/MfcOWwa21zxIgGvgR
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft DnoUNUCEPa
Assembly Version: 0.0.0.0
InternalName: Audio HDA_Encrypted.exe
FileVersion: 1.7.0.4
CompanyName: yGQccHat
ProductName: JovYydzTH
ProductVersion: 1.7.0.4
FileDescription:
OriginalFilename: Audio HDA_Encrypted.exe
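The file-info block above is enough to confirm a suspect file offline: compare its hashes with the published ones and check that it is, as the type line says, a PE32 Mono/.NET assembly. The following is an added Python example written for this page, not code from GridinSoft or from the original article. It hashes a file, matches the result against the md5/sha1/sha256 listed above, and does a minimal PE parse that reads the CLR runtime header entry (data directory 14) to tell a .NET assembly from a native binary; the `build_synthetic_pe32` helper fabricates a bare header as constructed test input so the script runs without the real sample.

```python
import hashlib
import struct
import sys

# Hashes published for this sample on this page.
IOCS = {
    "md5": "4cbc3bd9259a7a125255d510ebec4849",
    "sha1": "ddcafef7cc9c05312f2ba6c6c75b7de21939979d",
    "sha256": "294bc2ff7d0951ba272f859f8e62cdcd7679c52ea2fbd5d5d6531a4d17576c46",
}

# IMAGE_DATA_DIRECTORY index 14 is the CLR runtime header; a non-zero entry marks a .NET assembly.
CLR_DIRECTORY_INDEX = 14
MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}


def hash_bytes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(data, iocs=IOCS):
    """Names of the hash algorithms under which `data` matches the published indicators."""
    computed = hash_bytes(data)
    return sorted(alg for alg, digest in computed.items() if iocs.get(alg) == digest)


def pe_summary(data):
    """Minimal PE parse: format, machine, subsystem and whether a CLR header is present.
    Returns None when the bytes are not a PE image or the header is truncated."""
    try:
        if data[:2] != b"MZ":
            return None
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        machine = struct.unpack_from("<H", data, pe_off + 4)[0]
        opt = pe_off + 24                                       # optional header follows the 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:
            fmt, nrva_off, dir_off = "PE32", 92, 96
        elif magic == 0x20B:
            fmt, nrva_off, dir_off = "PE32+", 108, 112
        else:
            return None
        subsystem = struct.unpack_from("<H", data, opt + 68)[0]
        nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
        clr_rva = clr_size = 0
        if nrva > CLR_DIRECTORY_INDEX:
            clr_rva, clr_size = struct.unpack_from("<II", data, opt + dir_off + 8 * CLR_DIRECTORY_INDEX)
    except struct.error:
        return None
    return {
        "format": fmt,
        "machine": MACHINES.get(machine, hex(machine)),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dotnet": clr_rva != 0 and clr_size != 0,
    }


def build_synthetic_pe32(dotnet=True, subsystem=2):
    """Constructed test input: a bare PE32 header with no sections, not a real binary."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # PE signature right after the DOS header
    opt = bytearray(224)                                        # PE32 optional header with all 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)  # CLR header RVA/size
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data):
    return {"hashes": hash_bytes(data), "ioc_matches": match_iocs(data), "pe": pe_summary(data)}


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_pe32()
    for field, value in triage(sample).items():
        print(f"{field}: {value}")
```

Run it as `python triage.py suspect.exe`; a non-empty `ioc_matches` list means the file is byte-for-byte the sample documented here, while a PE32 result with `is_dotnet` true but no hash match is a repacked or recompiled build that the hash alone will not catch, which is why the vendor names below are mostly generic (Kryptik, GenKryptik, Mardom) rather than hash-specific.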

MSIL/GenKryptik.FDXT also known as:

K7AntiVirus: Trojan ( 00577bdc1 )
Lionic: Trojan.MSIL.Bladabindi.m!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
ALYac: Gen:Trojan.Mardom.PN.9
Cylance: Unsafe
Sangfor: Backdoor.MSIL.Bladabindi.gen
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Backdoor:MSIL/Bladabindi.7e4fe82e
K7GW: Trojan ( 00577bdc1 )
Cybereason: malicious.9259a7
Cyren: W32/Trojan.FYSO-0547
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/GenKryptik.FDXT
APEX: Malicious
Avast: Win32:TrojanX-gen [Trj]
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: Gen:Trojan.Mardom.PN.9
NANO-Antivirus: Trojan.Win32.Bladabindi.imcmpa
MicroWorld-eScan: Gen:Trojan.Mardom.PN.9
Ad-Aware: Gen:Trojan.Mardom.PN.9
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZemsilF.34294.fm0@aKG9x5n
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R007C0PGP21
McAfee-GW-Edition: BehavesLike.Win32.Generic.mz
FireEye: Generic.mg.4cbc3bd9259a7a12
Emsisoft: Gen:Trojan.Mardom.PN.9 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/AD.Bladabindi.HX
eGambit: Unsafe.AI_Score_97%
Antiy-AVL: Trojan/Generic.ASMalwS.317AE74
Microsoft: Backdoor:MSIL/Bladabindi
GData: Gen:Trojan.Mardom.PN.9
AhnLab-V3: Trojan/Win32.Kryptik.C2820292
McAfee: Artemis!4CBC3BD9259A
MAX: malware (ai score=85)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Downloader.MSIL.Generic
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R007C0PGP21
Yandex: Trojan.GenKryptik!m+biyfg8HiA
Ikarus: Trojan.MSIL.Krypt
MaxSecure: Trojan.Malware.73686729.susgen
Fortinet: MSIL/Kryptik.GZF!tr
AVG: Win32:TrojanX-gen [Trj]
Paloalto: generic.ml

How to remove MSIL/GenKryptik.FDXT?

MSIL/GenKryptik.FDXT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and the options to reset, then click "Reset".
  • Restart your computer.

Because this sample installs an autorun entry and drops a copy of itself, run a second scan after the restart to confirm that the startup entry and the copy are gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
