What is “MSIL/Kryptik.IMR”?

MSIL/Kryptik.IMR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Kryptik.IMR virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Accessed credential storage registry keys

How to identify MSIL/Kryptik.IMR?

File Info:

name: 4EEC30ECA6D41F075244.mlw
path: /opt/CAPEv2/storage/binaries/acacfc2432c290dfff8141322356b7e6930b81a1ca2722a13cde84f3d30334c1
crc32: DC35C9B5
md5: 4eec30eca6d41f0752443d1b8fa9ab78
sha1: dcfdf8ef2130936c8c05d7cfcf9461a3af9f5202
sha256: acacfc2432c290dfff8141322356b7e6930b81a1ca2722a13cde84f3d30334c1
sha512: 27c5aa8f05c6ba8623184e3ab213867e0bd66ce6bf4ac1c8772639973794ee22896c0b287d2d01a2f84007b3b9640471cfc4e900a30167409a8e7681739e2f33
ssdeep: 24576:EHFNlUKX+MOhXait3ks5DDDxuHFNlUKX+MOhXait3ks5DDDx:WlpuM6vks5DDDxUlpuM6vks5DDDx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F9855A417792C416C0A7EF768D91C2E89261BC03ED03E70778D13BAF29B63CE5589E66
sha3_384: d223a955d248f97b6e615a020a6997e27e95924bbfef477246dd226ea65e10df4dacf009bbd79f607e53977d3b466faf
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-03-01 18:41:42

Version Info:

CompanyName: VMware, Inc.
FileDescription: VMware Authorization Service
FileVersion: 12.5.2 build-4638234
InternalName: vmauthd
LegalCopyright: Copyright © 1998-2016 VMware, Inc.
OriginalFilename: vmware-authd.exe
ProductName: VMware Workstation
ProductVersion: 12.5.2 build-4638234
Translation: 0x0409 0x04b0

Note that the version resource claims the file is VMware's vmware-authd.exe, while the behavioural findings above report an invalid Authenticode signature; the version metadata is therefore not a reliable indicator of origin.

MSIL/Kryptik.IMR is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Inject2.50408
  • MicroWorld-eScan: Gen:Variant.MSILPerseus.80357
  • FireEye: Generic.mg.4eec30eca6d41f07
  • CAT-QuickHeal: Trojan.GenerFC.S16691123
  • McAfee: GenericRXBB-VR!4EEC30ECA6D4
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.1130213
  • K7AntiVirus: Trojan ( 700000121 )
  • K7GW: Trojan ( 700000121 )
  • Cybereason: malicious.ca6d41
  • BitDefenderTheta: Gen:NN.ZemsilF.34062.On3@a0qeAZj
  • Cyren: W32/Kryptik.U.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Kryptik.IMR
  • APEX: Malicious
  • Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
  • BitDefender: Gen:Variant.MSILPerseus.80357
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.11d9faa2
  • Ad-Aware: Gen:Variant.MSILPerseus.80357
  • Sophos: ML/PE-A + Troj/NanoCor-KX
  • TrendMicro: TROJ_KRYPTIK_GC1600C4.UVPM
  • McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
  • Emsisoft: Gen:Variant.MSILPerseus.80357 (B)
  • Ikarus: Trojan.MSIL.Crypt
  • Jiangmin: Trojan.MSIL.ftge
  • Avira: HEUR/AGEN.1109130
  • MAX: malware (ai score=82)
  • Antiy-AVL: Trojan/Generic.ASMalwS.1ECA1BD
  • Microsoft: Backdoor:MSIL/Bladabindi.AJ
  • GData: Gen:Variant.MSILPerseus.80357
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win32.MSILKrypt.R210547
  • VBA32: Trojan.Inject
  • ALYac: Gen:Variant.MSILPerseus.80357
  • Malwarebytes: Malware.AI.476412889
  • TrendMicro-HouseCall: TROJ_KRYPTIK_GC1600C4.UVPM
  • Yandex: Trojan.Kryptik!xq8YK0aKqDo
  • SentinelOne: Static AI – Malicious PE
  • eGambit: Unsafe.AI_Score_99%
  • Fortinet: MSIL/Kryptik.IMR!tr
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_80% (D)
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/Kryptik.IMR?

MSIL/Kryptik.IMR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
