MSIL/Kryptik.IC removal instruction

MSIL/Kryptik.IC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.IC virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Created a process from a suspicious location
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify MSIL/Kryptik.IC?

File Info:

name: AC709D97E45584657BEB.mlw
path: /opt/CAPEv2/storage/binaries/7858d400aac7b481e07b24d5b228aadb340850583291c03f7e0774eb143795d0
crc32: 282D47EF
md5: ac709d97e45584657beb88943b93f164
sha1: 01698cbeaf7943d7425d1d9b6c2d9af7f3f020a1
sha256: 7858d400aac7b481e07b24d5b228aadb340850583291c03f7e0774eb143795d0
sha512: b9dce84e30f9ff76ef9fa63aae105195324edd368b2de81eaf237053945554e00c2b5445134769cc2e28e7f393c752547b2fcf0da352f4e45bbb49725bf14671
ssdeep: 24576:aGifZ7WLax5qRNXYMkPGhJ9j+UFaQcmp:aGih7WLUQPXtkPGhJ9j+UFD9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16235074BFA545B26C12B6D73C8966C3C42D9CA9F5F07DB0BB6A8172863123FC935214E
sha3_384: 55e0ea36696eaa75d776009bd25a4971fb326d1f638bf8ad7404c7480fe29ef070add5788835908999f0a31f65db871c
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-12-30 00:29:31

Version Info:

Translation: 0x0000 0x04b0
Comments: RPX 1.3.4399.43191
FileDescription:
FileVersion: 0.0.0.0
InternalName: Server.exe
LegalCopyright:
OriginalFilename: Server.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Kryptik.IC also known as:

Lionic: Trojan.MSIL.Zapchast.mffw
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Bladabindi.1
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00528cb81 )
K7GW: Trojan ( 00528cb81 )
Cybereason: malicious.7e4558
VirIT: Trojan.Win32.MSIL6.YHM
Cyren: W32/MSIL_Troj.FT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.IC
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Phny.gen
BitDefender: Gen:Heur.MSIL.Bladabindi.1
NANO-Antivirus: Trojan.Win32.Agent.cwxren
Avast: MSIL:GenMalicious-AAS [Trj]
Tencent: Msil.Trojan.Phny.Lorg
Emsisoft: Gen:Heur.MSIL.Bladabindi.1 (B)
DrWeb: BackDoor.Bladabindi.1056
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.tm
FireEye: Generic.mg.ac709d97e4558465
Sophos: ML/PE-A + Mal/MSIL-PU
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.cdcn
Avira: HEUR/AGEN.1235988
Antiy-AVL: Trojan/Generic.ASMalwS.DB229C
Microsoft: Backdoor:Win32/Bladabindi!ml
ZoneAlarm: HEUR:Trojan.MSIL.Phny.gen
GData: Gen:Heur.MSIL.Bladabindi.1
Cynet: Malicious (score: 100)
McAfee: Artemis!AC709D97E455
MAX: malware (ai score=80)
Malwarebytes: Backdoor.NJBot
Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:iabKNa7IU2IWx6fdT9F5mA)
Yandex: Trojan.Zapchast!hlfOX1aOO3o
Ikarus: Trojan.MSIL.Zapchast
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Zapchast.UUAA!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.gn0@aGCXKWc
AVG: MSIL:GenMalicious-AAS [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove MSIL/Kryptik.IC?

MSIL/Kryptik.IC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.