MSIL/Kryptik.AGHA removal guide

The MSIL/Kryptik.AGHA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.AGHA virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Kryptik.AGHA?


File Info:
name: AA3CF7DE7843162C96BB.mlw
path: /opt/CAPEv2/storage/binaries/251c6f0553911b75239d27a9b34b57921a29999073fdb583507ec78705f25bde
crc32: BB9127F6
md5: aa3cf7de7843162c96bba45d391e5f18
sha1: c242b93901a6cd875a03da135fbfa97eba3387ac
sha256: 251c6f0553911b75239d27a9b34b57921a29999073fdb583507ec78705f25bde
sha512: ebd8e95453ef3833dbd814ba516f61da6280f772aa75dccfabb3d49fb12f1436022ad52cabce6f0cdb382cd8b2dbd50ab0c653a2a666e39458ba1fb29805ba6e
ssdeep: 24576:e3Z58ckSgC0san2NvACSYJW1wW+0NewFLzqsipIdUz8XT:eJ585i0sHhmb+XMLldQI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15B25121C82A64B19F9BD0B7452F0920243727B096833D31F4DD1F9F56EEA766861BF0A
sha3_384: 5c451037012941548f9f35b2cebae05d31432afde2bf2dcb20d9c4cb52fdfd5d68f13f1e62386fdaef1c6d0737eb1839
ep_bytes: ff250020400000000000010000000200
timestamp: 2022-08-31 03:51:14

Version Info:
Translation: 0x0000 0x04b0
Comments: Trending Machine
CompanyName: Susie's Casuals
FileDescription: CAN-SAT
FileVersion: 5.0.0.0
InternalName: oLCB.exe
LegalCopyright: Copyright © Susie's Casuals 2014
LegalTrademarks: Susie's
OriginalFilename: oLCB.exe
ProductName: CAN-SAT
ProductVersion: 5.0.0.0
Assembly Version: 5.0.0.0

MSIL/Kryptik.AGHA also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Maria.3
MicroWorld-eScan	Trojan.GenericKD.61632406
FireEye	Trojan.GenericKD.61632479
McAfee	Artemis!AA3CF7DE7843
Cylance	Unsafe
Sangfor	Infostealer.Win32.Agent.Vwdi
K7AntiVirus	Trojan ( 0059794c1 )
Alibaba	Trojan:Win32/Kryptik.ali2000016
K7GW	Trojan ( 0059794c1 )
CrowdStrike	win/malicious_confidence_90% (W)
Cyren	W32/MSIL_Kryptik.HYO.gen!Eldorado
Symantec	Scr.Malcode!gdn34
ESET-NOD32	a variant of MSIL/Kryptik.AGHA
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender	Trojan.GenericKD.61632479
Avast	Win32:PWSX-gen [Trj]
Tencent	Msil.Trojan-Spy.Noon.Htgl
Ad-Aware	Trojan.GenericKD.61632479
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Google	Detected
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Backdoor.Remcos.JSANDZ
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Injection.C5230348
VBA32	OScope.Trojan.MSIL.Remcos.gen
MAX	malware (ai score=87)
Malwarebytes	MachineLearning/Anomalous.97%
TrendMicro-HouseCall	TROJ_GEN.R002H0CHV22
Rising	Spyware.Noon!8.E7C9 (CLOUD)
Ikarus	Trojan-Spy.BluStealer
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:PWSX-gen [Trj]

How to remove MSIL/Kryptik.AGHA?

MSIL/Kryptik.AGHA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X