What is “MSIL/Kryptik.HES”?

The MSIL/Kryptik.HES is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.HES virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Kryptik.HES?


File Info:
name: B1B39C53B4C286E23CEB.mlw
path: /opt/CAPEv2/storage/binaries/11ffabe9703a094b5184abe3b218648945785fab45d6fdfd5f0862b6f454dbaf
crc32: 13EECF6A
md5: b1b39c53b4c286e23ceb745802a1610c
sha1: 5f4b9ee0db3ff1f9d6b097f011ef96f0746d4e1a
sha256: 11ffabe9703a094b5184abe3b218648945785fab45d6fdfd5f0862b6f454dbaf
sha512: c1adda96a6536c563bdb9a32112bd0286516580771766c0a2ab37f133d1a82d8122cbb04dfc6cd299a7896b0b44e19962b3700d9bc956abdb1f7bcdf2c06b2b8
ssdeep: 96:UCoMUakG85sPc1LHuhQNRq436f9kD5zW+W1ulMk8wtaS0Bfkm4zNt:UCDCt5sPc1LCQrqBfSD1WT1A918fRa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D2159C11666A7D22B5DBC527B813D102062291C94732972DDB98738FFAAF24F324DBDC
sha3_384: 45eac7c89a3e9838b00ea34256e644ac259765c6867fd098a4047f12cc4626c57820f49e0aa6d811d12c4e8ff5820f83
ep_bytes: ff250020400000000000000000000000
timestamp: 2074-05-01 21:24:07

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Force OP
FileVersion: 1.0.0.0
InternalName: Force OP.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Force OP.exe
ProductName: Force OP
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.HES also known as:

Lionic	Trojan.MSIL.Crypt.4!c
Cynet	Malicious (score: 100)
FireEye	Generic.mg.b1b39c53b4c286e2
McAfee	Artemis!B1B39C53B4C2
Cylance	Unsafe
K7AntiVirus	Trojan ( 004f760f1 )
K7GW	Trojan ( 004f760f1 )
CrowdStrike	win/malicious_confidence_80% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.HES
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Crypt.gen
BitDefender	Trojan.GenericKD.47593854
MicroWorld-eScan	Trojan.GenericKD.47593854
Avast	Win32:CrypterX-gen [Trj]
Tencent	Msil.Trojan.Crypt.Pezb
Ad-Aware	Trojan.GenericKD.47593854
Emsisoft	Trojan.GenericKD.47593854 (B)
DrWeb	Trojan.MulDrop19.13023
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Crypt
GData	MSIL.Backdoor.DCRat.7OGNL5
Avira	HEUR/AGEN.1129968
Microsoft	Trojan:Win32/Wacatac.B!ml
BitDefenderTheta	Gen:NN.ZemsilF.34084.2m0@aGqePyc
ALYac	Trojan.GenericKD.47593854
MAX	malware (ai score=83)
Malwarebytes	Trojan.Downloader.Pastebin
TrendMicro-HouseCall	TROJ_GEN.R002H0DL721
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Kryptik.HES!tr
AVG	Win32:CrypterX-gen [Trj]
Cybereason	malicious.0db3ff
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/Kryptik.HES?

MSIL/Kryptik.HES removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X