What is “MSIL/Kryptik.AFKG”?

The MSIL/Kryptik.AFKG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.AFKG virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Kryptik.AFKG?


File Info:
name: CF779DA7F718E72F18F9.mlw
path: /opt/CAPEv2/storage/binaries/b8f1bdfb75dd015e5991635bf2e6fc67d118785ce5ba2252866d773b771f24f5
crc32: 535B07B1
md5: cf779da7f718e72f18f9c22ae4148ae0
sha1: 5d799239162150686f2ed36735313423c469cdeb
sha256: b8f1bdfb75dd015e5991635bf2e6fc67d118785ce5ba2252866d773b771f24f5
sha512: 0e09f7843589711882807be2491b7c69a170e0c6bcd8e0d3cd63cc3b69f1bef9b683b1a6f6ebdf9d93b75b0ae66aaae520e49d034bfe315fdb7468696d7db75d
ssdeep: 24576:AhgtpnnzQ6kZExnyrKtY7q58zrknl+CymgTer6KH2OQS6zleZThMCFuYFqhpmLGR:xzniowiYAnl5yXzDOhxahHk66SP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188B5EF243EFE502EB273EF6A9BE8759B9A6FB7732B06505A106003874613E41CDD253D
sha3_384: 10e00e9721c0cf76d1372d15d9af0698d6d263205b450fceb3cf8c036fba4ef3a055bdf244d7949797f176fa11b7aca5
ep_bytes: ff250020400000000000000000000000
timestamp: 2098-03-17 11:45:07

Version Info:
Translation: 0x0000 0x04b0
CompanyName: WinFormApp
FileDescription: WinFormApp
FileVersion: 1.0.0.0
InternalName: WinFormApp.exe
LegalCopyright:  
OriginalFilename: WinFormApp.exe
ProductName: WinFormApp
ProductVersion: 1.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.AFKG also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.42679
McAfee	GenericRXUD-WL!CF779DA7F718
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Trojan ( 00596f0f1 )
K7AntiVirus	Trojan ( 00596f0f1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AFKG
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Backdoor.MSIL.Crysan.gen
BitDefender	Gen:Variant.MSILHeracles.42679
Avast	Win32:CrypterX-gen [Trj]
Ad-Aware	Gen:Variant.MSILHeracles.42679
Sophos	Mal/Kryptik-BA
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Siggen9.56514
VIPRE	Gen:Variant.MSILHeracles.42679
McAfee-GW-Edition	BehavesLike.Win32.Generic.vm
FireEye	Generic.mg.cf779da7f718e72f
Emsisoft	Gen:Variant.MSILHeracles.42679 (B)
GData	Gen:Variant.MSILHeracles.42679
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.3E3F
Arcabit	Trojan.MSILHeracles.DA6B7
ZoneAlarm	HEUR:Backdoor.MSIL.Crysan.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5234598
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.34682.wo3@aueL5Cg
ALYac	Gen:Variant.MSILHeracles.42679
MAX	malware (ai score=87)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Trojan.Crypt.MSIL.Generic
Rising	Trojan.Generic/MSIL@AI.94 (RDM.MSIL:TiJ+2Zd2D4jS8HOXdKxkww)
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Injector.SHW!tr
AVG	Win32:CrypterX-gen [Trj]
Cybereason	malicious.7f718e

How to remove MSIL/Kryptik.AFKG?

MSIL/Kryptik.AFKG removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X