Malware

MSIL/Kryptik.IYI malicious file

Malware Removal

MSIL/Kryptik.IYI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.IYI virus do?

  • Executable code extraction
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself

How to identify MSIL/Kryptik.IYI?

File Info:

crc32: 3E6DD29E
md5: 5f471ef1704b9a6d2699b332239845e1
name: 5F471EF1704B9A6D2699B332239845E1.mlw
sha1: ea84bebadee60b942e149599fc115ef22574a110
sha256: 42b2b151ca62e11aa4c5b0615d1ae7902ffcbe68dea16e43c6753a93056b419c
sha512: 5a1f177c8d8e83ad9cf679ec11d83d91c4e67117cff3f71c34ad42a6af8efc4294620852cba9400cb14a306e6923b9a2338f447fcf841f5f270afca18a157aeb
ssdeep: 24576:aTIdxW62KaSkdJes6XiruDiz38Ju9KDA6gMHDw3DyzdyD4Lc2Nrf6u0o6v1EMxc:MHdJes6YPzsJuqDw+Qk6v1EMc
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2007
InternalName: Steam Application launcher
FileVersion: 1, 0, 0, 1
CompanyName: Valve Corporation
Comments: Steam Application launcher
ProductName: Steam Application launcher
ProductVersion: 1, 0, 0, 1
FileDescription: Steam Application launcher
OriginalFilename: appid_0000.exe
Translation: 0x0409 0x04b0

MSIL/Kryptik.IYI is also known as (vendor: detection name):

K7AntiVirus: Trojan ( 700000121 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen7.19547
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.757658
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.37878
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: Trojan:MSIL/Kryptik.9c032759
K7GW: Trojan ( 700000121 )
Cybereason: malicious.1704b9
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.IYI
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.757658
NANO-Antivirus: Trojan.Win32.Blocker.epklwq
MicroWorld-eScan: Gen:Variant.Razy.757658
Tencent: Malware.Win32.Gencirc.10bb50d8
Ad-Aware: Gen:Variant.Razy.757658
Sophos: Mal/Generic-S
Comodo: Malware@#1zdsguhzgvjz1
BitDefenderTheta: Gen:NN.ZemsilF.34670.Dn0@aicktVf
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: RANSOM_CRYPBLOCKER_GD28001A.UVPM
McAfee-GW-Edition: GenericRXBJ-RN!5F471EF1704B
FireEye: Generic.mg.5f471ef1704b9a6d
Emsisoft: Gen:Variant.Razy.757658 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Blocker.gvn
Avira: HEUR/AGEN.1120515
eGambit: Unsafe.AI_Score_96%
Microsoft: Trojan:Win32/Vagger!rfn
Arcabit: Trojan.Razy.DB8F9A
AegisLab: Trojan.Win32.Generic.4!c
GData: Gen:Variant.Razy.757658
AhnLab-V3: Trojan/Win32.Blocker.C2014255
McAfee: GenericRXBJ-RN!5F471EF1704B
MAX: malware (ai score=100)
VBA32: Trojan-Ransom.Blocker
Malwarebytes: Malware.AI.1846047567
Panda: Trj/GdSda.A
TrendMicro-HouseCall: RANSOM_CRYPBLOCKER_GD28001A.UVPM
Rising: Ransom.Blocker!8.12A (CLOUD)
Yandex: Trojan.Blocker!VlOz9tgdTuY
Ikarus: Trojan.MSIL.Krypt
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: MSIL/Generic.AP.C3FA0!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HwMAEpsA

How to remove MSIL/Kryptik.IYI?

MSIL/Kryptik.IYI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.