What is “MSIL/Kryptik.NYS”?

The MSIL/Kryptik.NYS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.NYS virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/Kryptik.NYS?


File Info:
name: A91C225B068556D8379A.mlw
path: /opt/CAPEv2/storage/binaries/063dc17b7df9d00e94f7f9a444b9327b51b960793010341f3b6aae6f4bd3964d
crc32: 848C36F1
md5: a91c225b068556d8379a5c1e8fd84708
sha1: 5b990efe0c083fe98c98f9fb46942cd30cd3528f
sha256: 063dc17b7df9d00e94f7f9a444b9327b51b960793010341f3b6aae6f4bd3964d
sha512: b64dfc18923b5b046b0c7ecf0ae61cd0d99f52ea9c31024d3ff02896d7bd8ecc98270522055db26e9ddbdf49dac07c3f74428400d0ad51c7804cd7eb840e6f24
ssdeep: 12288:9EiNqIcvr/xIy9iVvBFaMas9Oh2xt8fXkCPtEvAccZ2FBViGjhXzXZd:nyk5MhF2xtH67cS2L8Gjdzp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F605B4847F551F79D22E223AFA2E28057BFE88D98329EB3F6F3599D01C4225CDD51602
sha3_384: 8f2d3812f52c3f8d831e08b1d99053576bbbcea2c4865931672ad8a6e9c94d7b19e08631a6c2f756302f8c6b92673609
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-26 23:07:42

Version Info:
Translation: 0x0000 0x04b0
Comments: HHHHHHHHHHHHHHHHHHHHHHHHHSS
CompanyName: HHHHHHHHHHHHHHHHHHHHHHHHHSS
FileDescription: HHHHHHHHHHHHHHHHHHHHHHHHHSS
FileVersion: 1.0.0.0
InternalName: HHHHHHHHHHHHHHHHHHHHHHHHHSS.exe
LegalCopyright: HHHHHHHHHHHHHHHHHHHHHHHHHSS
LegalTrademarks: HHHHHHHHHHHHHHHHHHHHHHHHHSS
OriginalFilename: HHHHHHHHHHHHHHHHHHHHHHHHHSS.exe
ProductName: HHHHHHHHHHHHHHHHHHHHHHHHHSS
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.NYS also known as:

Lionic	Trojan.Win32.Generic.lLqd
DrWeb	Trojan.MulDrop19.9326
MicroWorld-eScan	Trojan.GenericKD.38131823
FireEye	Trojan.GenericKD.38131823
ALYac	Trojan.GenericKD.38131823
Malwarebytes	Malware.AI.3090647926
K7AntiVirus	Trojan ( 005302611 )
Alibaba	Backdoor:MSIL/Bladabindi.217ac97d
K7GW	Trojan ( 005302611 )
Cybereason	malicious.e0c083
BitDefenderTheta	Gen:NN.ZemsilF.34062.0m0@ay6WHQm
Symantec	Trojan Horse
ESET-NOD32	a variant of MSIL/Kryptik.NYS
TrendMicro-HouseCall	TROJ_GEN.R002H0DKR21
Paloalto	generic.ml
ClamAV	Win.Trojan.Bladbindi-1
Kaspersky	HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender	Trojan.GenericKD.38131823
SUPERAntiSpyware	Trojan.Agent/Gen-Faker
Ad-Aware	Trojan.GenericKD.38131823
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.38131823 (B)
Ikarus	Trojan.MSIL.Crypt
Avira	TR/Kryptik.lqqfl
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Backdoor:MSIL/Bladabindi.AN
ViRobot	Trojan.Win32.Z.Agent.858624.XF
GData	MSIL.Backdoor.Bladabindi.CW8W7T
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4790601
McAfee	Artemis!A91C225B0685
MAX	malware (ai score=83)
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/GenKryptik.BUQC!tr
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/Kryptik.NYS?

MSIL/Kryptik.NYS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X