MSIL/Kryptik.AW removal instruction

MSIL/Kryptik.AW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Kryptik.AW virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify MSIL/Kryptik.AW?

File Info:

name: E0A952F709C7DAF3B7E1.mlw
path: /opt/CAPEv2/storage/binaries/c2bd5c48752239d4b5e5908a64a613c0ab7e714c81a0bd2321dce5f2e5099b09
crc32: 3876C666
md5: e0a952f709c7daf3b7e1a2759b79e657
sha1: 08a09c9f870e7ac281ee5b66e1e353e17c722bc7
sha256: c2bd5c48752239d4b5e5908a64a613c0ab7e714c81a0bd2321dce5f2e5099b09
sha512: 473f8a035eacb155a8463b1b617a293de34f3028ba336f061669bdf253e0600f73e720a98caefdacf27d3bb95afd85c2a09647e685825588a9e3a336cc9afd93
ssdeep: 1536:2dHqvZkIpFEylRzO9D3ZRiZMvxq49KMdHgCBuZGKB31Imn3ogY+lKTwBoGs4dx/Q:mIS/089tRlr9VgC6Y+3og1E1r4znzLpS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DDC38B7831B18218C0926F3A9907D2B072657CF0922757F75FF45F018EE526A5E3EAD2
sha3_384: 54642e0c400fff202d3e003cfc5b6412785c816df669ee886e1e639fa0ca2c24f35c596cf1fcbdf4eea20ab05ed73013
ep_bytes: ff250020400000000000000000000000
timestamp: 2012-09-20 08:39:34

Version Info:

Translation: 0x0000 0x04b0
Comments: Microsoft
CompanyName: Microsoft
FileDescription: AppCos
FileVersion: 4.5.1.5
InternalName: AppCos.exe
LegalCopyright: Copyright © Microsoft 2012
OriginalFilename: AppCos.exe
ProductName: AppCos
ProductVersion: 4.5.1.5
Assembly Version: 2.3.4.1

MSIL/Kryptik.AW also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.MSIL.Injector.W
FireEye: Generic.mg.e0a952f709c7daf3
CAT-QuickHeal: PUA.GenericFC.S6060348
ALYac: Trojan.MSIL.Injector.W
Malwarebytes: Malware.AI.2514576917
K7AntiVirus: Trojan ( 004e7c0a1 )
Alibaba: TrojanSpy:Win32/Kryptik.6683000a
K7GW: Trojan ( 004e7c0a1 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Generic.BUET
Cyren: W32/MSIL_Troj.BXH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.AW
APEX: Malicious
ClamAV: Win.Trojan.Agent-399145
Kaspersky: HEUR:Trojan-Spy.Win32.Generic
BitDefender: Trojan.MSIL.Injector.W
NANO-Antivirus: Trojan.Win32.Win32.dbypjs
Tencent: Malware.Win32.Gencirc.10b9ab57
Ad-Aware: Trojan.MSIL.Injector.W
Emsisoft: Trojan.MSIL.Injector.W (B)
Comodo: Malware@#3gq5f0j56aii5
DrWeb: Trojan.PWS.Stealer.715
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_AGENT_050851.TOMB
McAfee-GW-Edition: GenericRXGV-FJ!E0A952F709C7
Sophos: Mal/Generic-S
Ikarus: Backdoor.Win32.Xtrat
GData: Trojan.MSIL.Injector.W
Jiangmin: Backdoor/Azbreg.qv
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.Poison
Kingsoft: Win32.Hack.Poison.av.(kcloud)
ZoneAlarm: HEUR:Trojan-Spy.Win32.Generic
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Xorist.R37229
BitDefenderTheta: Gen:NN.ZemsilF.34212.hq3@aeEN35k
MAX: malware (ai score=100)
VBA32: Hoax.Xorist
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_AGENT_050851.TOMB
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:ak8DLvKYk4IH2tDYnXXXUg)
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Kryptik.VS!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.709c7d
Avast: Win32:TrojanX-gen [Trj]

How to remove MSIL/Kryptik.AW?

MSIL/Kryptik.AW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.