
MSIL/GenKryptik.GTYA removal instructions


MSIL/GenKryptik.GTYA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/GenKryptik.GTYA virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify MSIL/GenKryptik.GTYA?

File Info:

name: 18570DE4E590AFB8B34C.mlw
path: /opt/CAPEv2/storage/binaries/9f11aad24dc8b40214cda13897eb934f0fe6ab985e056bea71b1310a120d00d2
crc32: D95946FA
md5: 18570de4e590afb8b34cec66d1a10cfe
sha1: 563bd0e88d9de39d87dd2dddb3ce0921f14a5a78
sha256: 9f11aad24dc8b40214cda13897eb934f0fe6ab985e056bea71b1310a120d00d2
sha512: 67fe8133c7d59727d0c6b3ddfb7022198991632fa39b1a092f8db2d1deb57cef48949321244ae44a2fa8c7a3906cb42092db63c5123437ffeb1bb50e74a553ba
ssdeep: 6144:3DKW1Fgbdl0TBBvjc/t+kOJnjeTtipQWUwtZj0mErDi0+gzhbm4:zh1Fk70TnvjcFGJstiswtZ3ErDi09K4
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T135B4012671C1C1B3C8B3153444E5CB399A7930615BBA96D7BB8C5BBA6F203D2A3352CD
sha3_384: c8c56d41f7753130f91c2d57e3621c2b5e7ad8d3089d0f52caa0ab4f3322547f0eea3a4709d81816c3d18c55e5563af4
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2012-07-13 22:47:16

Version Info:

Translation: 0x0000 0x04b0
Comments: Printed Lunchmeat
CompanyName: Britts Muscatel Unthrones
FileDescription: Production Untethered Demobilize Escapologist
FileVersion: 1.0.0.0
InternalName: Chemistry.exe
LegalCopyright: Copyright 2023
OriginalFilename: Chemistry.exe
ProductName: Republishes Mongrelly
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/GenKryptik.GTYA is also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Skyhigh: Artemis!Trojan
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vwqu
CrowdStrike: win/malicious_confidence_60% (D)
Alibaba: Trojan:MSIL/GenKryptik.2535bb0d
K7GW: Trojan ( 005b1a151 )
K7AntiVirus: Trojan ( 005b1a151 )
BitDefenderTheta: Gen:NN.ZexaF.36744.Hq2@a0oEhg
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/GenKryptik.GTYA
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.FalseSign.Unkl
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Google: Detected
Kingsoft: malware.kb.a.848
ZoneAlarm: UDS:DangerousObject.Multi.Generic
McAfee: Artemis!18570DE4E590
VBA32: Trojan.Dynara
Malwarebytes: Trojan.Crypt
Rising: Trojan.Generic@AI.100 (RDML:9hhwEQOZAlgQE50YCV8D/A)
Ikarus: Trojan.MSIL.RedLine
AVG: Win32:Malware-gen

How to remove MSIL/GenKryptik.GTYA?

MSIL/GenKryptik.GTYA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.