MSIL/GenKryptik.GXCC (file analysis)

The MSIL/GenKryptik.GXCC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/GenKryptik.GXCC virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/GenKryptik.GXCC?


File Info:
name: DF7044524C5012C33C17.mlw
path: /opt/CAPEv2/storage/binaries/0da1800be8c670332530e35f85cb045aea0b0c17e1d506b26780c7c1a3114d82
crc32: 92F9D4E6
md5: df7044524c5012c33c1739ac255bf37b
sha1: 88251c71cd906f8cef34b5e302d1f589328de74a
sha256: 0da1800be8c670332530e35f85cb045aea0b0c17e1d506b26780c7c1a3114d82
sha512: cd8fd70a158fc135d636a3c4959116e1da9e19877b9122e56b1275ac9bd3e225dc0940c3a55725a4166edfbf1912148ca8c76da9478ff96af37063079266a114
ssdeep: 12288:B9L+tRyZ71BkUncEzlKJTDBuwpV2IKbY:P+c78E8JTnpVz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E4A4D0B897D89939C3AF5B3FE0F12855CF32F46329D66349B4D291791C1BF802A5122B
sha3_384: 91f2e09f8236ef60477651c6489a8a34b2ea48296cb62e6206f764bf14ae5d8891509d487cb678eb77ac288fa270e3ff
ep_bytes: ff250020400000000000000000000000
timestamp: 2077-05-23 23:50:07

Version Info:
Translation: 0x0000 0x04b0
Comments: Microsoft Custom Dictionary Registration Tool
CompanyName: Microsoft Corporation
FileDescription: hwrreg
FileVersion: 6.1.0.0
InternalName: hwrreg.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: hwrreg.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.0.0
Assembly Version: 6.1.0.0

MSIL/GenKryptik.GXCC also known as:

Bkav	W32.AIDetectMalware.CS
tehtris	Generic.Malware
DrWeb	Trojan.Inject5.4721
MicroWorld-eScan	Trojan.GenericKD.72611669
Skyhigh	BehavesLike.Win32.Generic.gc
McAfee	Artemis!DF7044524C50
Cylance	unsafe
Sangfor	Trojan.Msil.Kryptik.Vww9
BitDefenderTheta	Gen:NN.ZemsilF.36804.Cm0@aqPcirb
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.GXCC
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.GenericKD.72611669
Avast	Win32:TrojanX-gen [Trj]
Tencent	Msil.Trojan-Spy.Stealer.Cdhl
Emsisoft	Trojan.GenericKD.72611669 (B)
VIPRE	Trojan.GenericKD.72611669
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.df7044524c5012c3
Sophos	Troj/Krypt-AFF
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=88)
Google	Detected
Varist	W32/MSIL_Kryptik.KXQ.gen!Eldorado
Kingsoft	malware.kb.c.902
Microsoft	Trojan:MSIL/FormBook.AFB!MTB
Arcabit	Trojan.Generic.D453F755
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	Trojan.GenericKD.72611669
AhnLab-V3	Trojan/Win.Generic.C5617074
ALYac	Trojan.GenericKD.72611669
Malwarebytes	Trojan.Crypt.MSIL
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.86 (RDM.MSIL2:deikLjlaO3IxaF57Z3zwjQ)
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ALLD!tr
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Trojan[spy]:MSIL/Stealer.gyf

How to remove MSIL/GenKryptik.GXCC?

MSIL/GenKryptik.GXCC removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X