MSIL/GenKryptik.FWLM malicious file

The MSIL/GenKryptik.FWLM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/GenKryptik.FWLM virus can do?

Presents an Authenticode digital signature
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/GenKryptik.FWLM?


File Info:
name: 6FC2264616BDAAA97115.mlw
path: /opt/CAPEv2/storage/binaries/8fb75ebea42491eb03da94230afa9855bd3207d1d2d3d2cff843f497a5dc4b7b
crc32: 8762C379
md5: 6fc2264616bdaaa97115ebe30a54fbb8
sha1: 8f3cf8fa1b72b4b2822303a4f611aae766833385
sha256: 8fb75ebea42491eb03da94230afa9855bd3207d1d2d3d2cff843f497a5dc4b7b
sha512: 11b6545ad778dfdcac83312c4d9700a03a8bf460a590f4447d0f7081db6b7ca77926c0aa83525135064be2399f43fd0bc02c25d20077aaedd2f4025ab0477fe8
ssdeep: 6144:6kYtGLsyiUwz4ABDJfvRJXAek8GbhU+1aIQTdie:pYgqBFhM8OU+1aIQTdie
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FDC60A3C2CB9523BA169E6AD8FE58427F450E167F221D9349DD387854737C822ACB07E
sha3_384: e7f929fd647e0da79dce6c8000ff535fdd5c40a90d0826194aa78ae00d0bcc583ad99b3c49690886962c4dcc1dbf2f0d
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-23 11:49:10

Version Info:
Translation: 0x0000 0x04b0
FileDescription: tokyo_ghoul
FileVersion: 0.0.0.0
InternalName: houseboat.exe
LegalCopyright: Abdhshba | All Copyradsdvxzc
OriginalFilename: houseboat.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/GenKryptik.FWLM also known as:

Lionic	Trojan.MSIL.Stealer.l!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.50556467
FireEye	Generic.mg.6fc2264616bdaaa9
ALYac	Trojan.GenericKD.50556467
Cylance	Unsafe
VIPRE	Trojan.GenericKD.50556467
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:MSIL/Stealer.d57598fe
K7GW	Trojan ( 00594b241 )
K7AntiVirus	Trojan ( 00594b241 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/GenKryptik.FWLM
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.GenericKD.50556467
Avast	Win32:PWSX-gen [Trj]
Tencent	Msil.Trojan.Genkryptik.Wtxq
Ad-Aware	Trojan.GenericKD.50556467
Emsisoft	Trojan.GenericKD.50556467 (B)
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Siggen18.17043
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.Agent
GData	Win32.Trojan-Stealer.Cordimik.0A3IJ3
Avira	TR/Dropper.Gen
Arcabit	Trojan.Generic.D3036E33
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Infostealer/Win.RedLine.C5179125
Acronis	suspicious
McAfee	Artemis!6FC2264616BD
MAX	malware (ai score=89)
TrendMicro-HouseCall	TROJ_GEN.R002H0AG122
Rising	Stealer.Agent!8.C2 (CLOUD)
SentinelOne	Static AI – Malicious PE
Fortinet	PossibleThreat
BitDefenderTheta	Gen:NN.ZemsilF.34742.@p3@aW9RDRp
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.a1b72b

How to remove MSIL/GenKryptik.FWLM?

MSIL/GenKryptik.FWLM removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X