MSIL/Kryptik.ACYP removal guide

MSIL/Kryptik.ACYP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.ACYP virus do?

  • Possible date expiration check, exits too soon after checking local time
  • Attempts to connect to a dead IP:Port (5 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Steals private information from local Internet browsers
  • Writes a potential ransom message to disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:


How to identify MSIL/Kryptik.ACYP?

File Info:

crc32: D2347E2B
md5: 7af5ad513fa14c6a077cf36cb21a46f7
name: 7AF5AD513FA14C6A077CF36CB21A46F7.mlw
sha1: e3cb4bbfa04122dbe92a6210d9e8ca1c69916037
sha256: 43e97c2a74384bc77f21a7ee537ae09639431529ce21782ccd8a7581543f3383
sha512: 23d2a07366dae11d803009829e6b756e8df82d9f3ed09a3c880fa72e5bbf1357b4ec25599bd6129bc4318c5e62a78304ce34ddc7110ececb27f41dfef44e0762
ssdeep: 24576:ZRp2fYlh5hJYrsWSlTeTmvL26IZX8W6jO2okW1negMdwpVX:rp1v1ji5jtF1nQept
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2019
FileVersion: 1.0.0.1
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

MSIL/Kryptik.ACYP is also known as:

Elastic: malicious (high confidence)
ALYac: Gen:Variant.Strictor.256637
Cylance: Unsafe
BitDefender: Gen:Variant.Strictor.256637
Cybereason: malicious.67b5de
Cyren: W32/MSIL_Kryptik.FRV.gen!Eldorado
Symantec: Scr.Malcode!gdn30
ESET-NOD32: a variant of MSIL/Kryptik.ACYP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Backdoor.MSIL.Androm.gen
MicroWorld-eScan: Gen:Variant.Strictor.256637
Ad-Aware: Gen:Variant.Strictor.256637
BitDefenderTheta: Gen:NN.ZemsilF.34170.gn0@a0fmkOo
FireEye: Generic.mg.f8fe57167b5de800
Emsisoft: Gen:Variant.Strictor.256637 (B)
SentinelOne: Static AI – Malicious PE
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft: Trojan.Win32.Injector.ad!i
GData: Gen:Variant.Strictor.256637
AhnLab-V3: Trojan/Win32.Generic.R110881
MAX: malware (ai score=85)
Ikarus: Trojan.Inject
Fortinet: MSIL/Kryptik.ACYI!tr

How to remove MSIL/Kryptik.ACYP?

MSIL/Kryptik.ACYP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
