MSIL/Kryptik.BCB removal guide

MSIL/Kryptik.BCB is the ESET detection name for this sample: "MSIL" marks a .NET executable and "Kryptik" is ESET's generic label for obfuscated or packed malware, and the other engines listed below flag the same file as malicious. While the infection is active you may notice unfamiliar processes in Task Manager. If so, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can the MSIL/Kryptik.BCB virus do?

The behaviours below are the signatures the CAPE sandbox raised for the sample analysed in this report:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Use of guard pages detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify MSIL/Kryptik.BCB?

The static details below are taken from the CAPE sandbox report for the analysed file.


File Info:

name: 5E69F2464E333D5CA20F.mlw
path: /opt/CAPEv2/storage/binaries/63f1715dc0f1f317ae5d0f6df1b3cfeb81b0f917ac0439c1f876bd13a348a25f
crc32: CF42C1CB
md5: 5e69f2464e333d5ca20fe8fcdacbe21e
sha1: b69b494f0f7c34166e9f6e75dce62c01d5d8b6ba
sha256: 63f1715dc0f1f317ae5d0f6df1b3cfeb81b0f917ac0439c1f876bd13a348a25f
sha512: 8fbedaab03a47e863a603265a8d7a1256d782a3069e86c1888b758c4a7b10d95b0ef79a5a799f95c0e29ac3f10c7f0cf13d2574abcce03842d236c60cba2c103
ssdeep: 768:6HqsCs1T8oO70eNNpe0Bewh6uujNS3bUhrs3K7Bec9/l8IDc9+qfg+v3O:sqQ8R0AN96zjkbUhrseY2c9/fgoO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10E23CF4DBF91A681F86D5B3BC7A3E44D02F5AC58E566F73F26D02E801E5341CE28AD24
sha3_384: 8bc263d79ecba1a8caaad1138944bdc86257390cb930ebe3dfd1481ebfec5e7fbdc267309bacabf914017cf5820bc54f
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-27 09:21:59

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: Server.exe
LegalCopyright:
OriginalFilename: Server.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0
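As an added illustration (not part of the original page and not any vendor's tooling), the following Python script pulls the static indicators shown in the File Info block out of a PE32 file: the md5/sha1/sha256 hashes, the compile timestamp, the entry-point bytes, whether the image carries a CLR header (the static side of the "Anomalous .NET characteristics" signature), sections flagged readable, writable and executable, and section entropy as a proxy for the "encrypted or compressed data" signature. The ep_bytes value above, ff 25 00 20 40 00, is jmp dword ptr [0x402000], the stub every 32-bit .NET executable starts with to reach mscoree!_CorExeMain through the import table. build_sample_pe() constructs a synthetic image so the script runs offline; it is not the real sample, and the timestamp conversion assumes the CAPE report shows UTC. Runtime behaviours in the list (SetUnhandledExceptionFilter, guard pages, dynamic import loading, RWX allocations) need a sandbox and are not checked here, and Authenticode validation is out of scope.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Entry stub of every 32-bit .NET executable: jmp dword ptr [0x402000] -> mscoree!_CorExeMain
DOTNET_EP_STUB = bytes.fromhex("ff2500204000")
# 2021-11-27 09:21:59 as a Unix timestamp (assumption: the CAPE report shows UTC)
SAMPLE_TIMESTAMP = 1638004919


def entropy(buf):
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8.0."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def triage(data):
    """Static triage of a PE32 image: hashes plus the indicators this report lists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 14 (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR) points at the CLR header.
    clr_rva = struct.unpack_from("<I", data, opt + 96 + 14 * 8)[0] if ndirs > 14 else 0
    sections = []  # (name, rva, raw_size, raw_ptr, characteristics)
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, rva, raw_size, raw_ptr, chars))
    # Map the entry-point RVA to a file offset through the section that contains it.
    ep_off = next((p + entry_rva - r for _, r, sz, p, _ in sections if r <= entry_rva < r + sz), None)
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "is_i386": machine == 0x14C,
        "ep_bytes": ep_bytes.hex(),
        "ep_is_corexemain_stub": ep_bytes.startswith(DOTNET_EP_STUB),
        "has_clr_header": clr_rva != 0,
        "rwx_sections": [s[0] for s in sections if s[4] & rwx == rwx],
        "high_entropy_sections": [s[0] for s in sections if entropy(data[s[3]:s[3] + s[2]]) > 7.0],
    }


def build_sample_pe(dotnet=True, rwx_data=True, timestamp=SAMPLE_TIMESTAMP):
    """Constructed minimal PE32 test image (not the real sample): .text holds the entry
    stub, .data holds a flat byte histogram (entropy 8.0) to mimic a packed blob."""
    align = 0x200
    text = (DOTNET_EP_STUB + b"\0\0" if dotnet else b"\x55\x8b\xec\xc3").ljust(align, b"\0")
    blob = bytes(range(256)) * 2
    text_chars = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | 0x20  # IMAGE_SCN_CNT_CODE
    data_chars = IMAGE_SCN_MEM_READ | 0x40                          # IMAGE_SCN_CNT_INITIALIZED_DATA
    if rwx_data:
        data_chars |= IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[14] = (0x1008, 0x48)  # CLR header RVA/size (placeholder values for the test image)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 8, 0, align, align, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, align, 4, 0, 0, 0, 4, 0, 0, 0x3000, align, 0,
                      2, 0x8540, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", r, s) for r, s in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, timestamp, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at offset 0x3C
    hdr = dos + b"PE\0\0" + coff + opt
    hdr += struct.pack("<8sIIIIIIHHI", b".text", align, 0x1000, align, 0x200, 0, 0, 0, 0, text_chars)
    hdr += struct.pack("<8sIIIIIIHHI", b".data", align, 0x2000, align, 0x400, 0, 0, 0, 0, data_chars)
    return hdr.ljust(align, b"\0") + text + blob


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To check a real file, read it into `data` and call `triage(data)`, then compare the md5/sha1/sha256 fields with the hashes listed above. An exact hash match only identifies this one build: Kryptik is a generic name for obfuscated samples and every repack changes the cryptographic hashes, which is why the report also carries ssdeep and tlsh values; those are fuzzy hashes and have to be compared with their own tools, not for equality.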

MSIL/Kryptik.BCB is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • McAfee: GenericRXJJ-NV!5E69F2464E33
  • Malwarebytes: Trojan.Agent
  • Cybereason: malicious.f0f7c3
  • Cyren: W32/MSIL_Troj.FT.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Kryptik.BCB
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Sophos: ML/PE-A
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.ph
  • FireEye: Generic.mg.5e69f2464e333d5c
  • Avira: TR/Dropper.MSIL.Gen
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Acronis: suspicious
  • Cylance: Unsafe
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: MSIL/Generic.AP.3B77C!tr
  • BitDefenderTheta: Gen:NN.ZemsilF.34294.dm0@a8NLYZj
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove MSIL/Kryptik.BCB?

MSIL/Kryptik.BCB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
