
What is “MSIL/Kryptik.AGFW”?

MSIL/Kryptik.AGFW is the ESET-NOD32 detection name for this sample. "Kryptik" is ESET's generic label for packed or obfuscated malware, and the "MSIL" prefix means the file is a .NET assembly; most of the engines listed below flag the same file as malicious. While the infection is active you may notice an unfamiliar process in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage the PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period. A 6-day free trial is available.

What can MSIL/Kryptik.AGFW do?

The CAPEv2 sandbox (the storage path under File Info is CAPE's binaries directory) raised these signatures for the sample:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid

How to identify MSIL/Kryptik.AGFW?

File Info:

name: 69E4D5C0AAF46A2F68C6.mlw
path: /opt/CAPEv2/storage/binaries/9e67ad6c3093dc48926be2f660b02adae73607f69cfe151e14ff43fe92dde243
crc32: 1CA86EFD
md5: 69e4d5c0aaf46a2f68c6c97967f0ff59
sha1: d544ffe584c4358f5ee2e6c2fb4fba08100adc82
sha256: 9e67ad6c3093dc48926be2f660b02adae73607f69cfe151e14ff43fe92dde243
sha512: b98d18686ea7fa8fcbb3a61c43cf746ed1d1fab96532f1939710119781a4455078a09a61efe7577d00ab2ee84181d98732c0c58fb7f749a4e0004409af26e01c
ssdeep: 192:zgB//SkqnWB3ObCfY1TTgJMRqIcuuuYN:EBHfB3OogTEKRy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AA3272907394DE66E46B0EB2D8A5DAF1023DFE50EC72A64F38C03F0F34B13556521A92
sha3_384: 52e383b17ec8877d46fd2e5c9bb17c5075a88838d364dd9d6e36d6f758fe67076847d71aefa36073bfcb915f3dff553b
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-26 13:37:44
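The hashes and entry-point bytes above can be checked directly with standard-library Python. The script below is an added example, not code from this page or from GridinSoft: it re-computes the listed hashes (case-insensitively, since vendor strings such as McAfee's Artemis!69E4D5C0AAF4 are upper-case), reads the CLR data directory to confirm the file is a .NET image, and decodes ep_bytes, which for this sample is FF 25 00 20 40 00, i.e. jmp dword ptr [0x402000], the usual native entry stub of a .NET executable that jumps through the import slot for _CorExeMain. The "PE32 executable (GUI) Intel 80386" type line reflects that stub, not native code. The PE that build_sample_pe() assembles is constructed for the demonstration and is not the real file; its TimeDateStamp is assumed to correspond to the page's 2022-08-26 13:37:44.

```python
# Added example (not code from this page or from GridinSoft): stdlib-only triage of the
# File Info block above. It re-computes the listed hashes, finds the CLR header in the
# PE data directory, and decodes ep_bytes as the managed entry stub
# "jmp dword ptr [<IAT slot for _CorExeMain>]" (FF 25 <abs32>).
import hashlib
import struct

# Hashes copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "69e4d5c0aaf46a2f68c6c97967f0ff59",
    "sha1": "d544ffe584c4358f5ee2e6c2fb4fba08100adc82",
    "sha256": "9e67ad6c3093dc48926be2f660b02adae73607f69cfe151e14ff43fe92dde243",
}
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # data-directory slot of the CLR runtime header


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 as lower-case hex, the form the page lists them in."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """Compare case-insensitively: vendor strings such as Artemis!69E4D5C0AAF4 are upper-case."""
    got = file_hashes(data)
    return all(got[k] == v.lower() for k, v in known.items())


def rva_to_offset(rva: int, sections: list) -> int:
    """Map an RVA to a file offset through the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def pe_entry_info(data: bytes) -> dict:
    """Is it x86 PE32, is it managed (.NET), and is the entry point the CLR stub?"""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here; PE32+ lays out the optional header differently")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_va = clr_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_va, clr_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    sec_off = opt + opt_size
    sections = []
    for i in range(nsec):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((va, vsize, raw_ptr, raw_size))
    ep = rva_to_offset(entry_rva, sections)
    ep_bytes = data[ep:ep + 16]
    target, is_stub = None, False
    if len(ep_bytes) == 16 and ep_bytes[:2] == b"\xff\x25":
        target = struct.unpack_from("<I", ep_bytes, 2)[0]
        # Absolute VA inside the image, then only padding: the classic unmanaged-to-managed stub.
        is_stub = image_base <= target < image_base + size_of_image and ep_bytes[6:] == bytes(10)
    return {
        "machine_i386": machine == IMAGE_FILE_MACHINE_I386,
        "managed": clr_va != 0 and clr_size != 0,
        "ep_bytes": ep_bytes.hex(),
        "clr_entry_stub": is_stub,
        "entry_asm": f"jmp dword ptr [{target:#x}]" if is_stub else None,
    }


def build_sample_pe() -> bytes:
    """CONSTRUCTED minimal PE32, not the real sample: one .text section, a non-empty CLR
    directory, and the exact ep_bytes from this page at the entry point."""
    text_rva, text_raw, text_size = 0x2000, 0x200, 0x200
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    # TimeDateStamp 0x6308CCA8 is assumed to be the page's 2022-08-26 13:37:44 UTC.
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0x6308CCA8, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, text_rva + 0x10)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)                # Section/File alignment
    struct.pack_into("<I", opt, 56, 0x4000)                        # SizeOfImage
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 14, text_rva + 0x48, 0x48)  # CLR header directory
    sec = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size, text_raw,
                      0, 0, 0, 0, 0x60000020)
    hdr = dos + coff + bytes(opt) + sec
    text = bytearray(text_size)
    text[0x10:0x20] = bytes.fromhex("ff250020400000000000000000000000")
    return hdr + bytes(text_raw - len(hdr)) + bytes(text)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample))
    print(pe_entry_info(sample))
```

On the real file, pe_entry_info(open(path, "rb").read()) should report managed True and clr_entry_stub True. A file that the vendors call MSIL but whose CLR directory is empty, or whose entry point is not this stub, has had its headers altered and deserves a closer look.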

Version Info:

The version resource claims to be Adobe Acrobat DC, but InternalName/OriginalFilename is "Request list.exe" and the Authenticode signature is invalid, so these strings are impersonation, not evidence of origin.

Translation: 0x0000 0x04b0
Comments: Adobe Acrobat DC
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat DC
FileVersion: 19.10.20069.49826
InternalName: Request list.exe
LegalCopyright: Copyright 1984-2018 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks:
OriginalFilename: Request list.exe
ProductName: Adobe Acrobat DC
ProductVersion: 19.10.20069.49826
Assembly Version: 19.10.20069.49826

MSIL/Kryptik.AGFW also known as:

Most of the names below are generic or machine-learning verdicts rather than family identifications; the same file is called a packer (BitDefenderTheta), a downloader (Symantec, McAfee-GW-Edition), an injector (Malwarebytes) and a NanoBot backdoor (Kaspersky), so treat the ESET name as a detection label rather than a family name.

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: Gen:Trojan.Heur.IEC.908d4036d15
FireEye: Generic.mg.69e4d5c0aaf46a2f
ALYac: Gen:Trojan.Heur.IEC.908d4036d15
VIPRE: Gen:Trojan.Heur.IEC.908d4036d15
Cybereason: malicious.0aaf46
Symantec: MSIL.Downloader!gen8
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik.AGFW
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.MSIL.NanoBot.gen
BitDefender: Gen:Trojan.Heur.IEC.908d4036d15
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Gen:Trojan.Heur.IEC.908d4036d15
Emsisoft: Gen:Trojan.Heur.IEC.908d4036d15 (B)
McAfee-GW-Edition: RDN/Generic Downloader.x
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.IEC.908d4036d15
MAX: malware (ai score=89)
Arcabit: Trojan.Heur.IEC.908d4036d15
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.C5228991
McAfee: Artemis!69E4D5C0AAF4
Malwarebytes: Trojan.Injector
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:VSDzF/FB+has5UfVqqD4Sg)
BitDefenderTheta: AI:Packer.AADB81EC1F
AVG: Win32:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/Kryptik.AGFW?

MSIL/Kryptik.AGFW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items. Before deleting anything from quarantine, record each file's SHA-256 and compare it with the hash under File Info so the infection can be confirmed.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.