MSIL/Kryptik.OKZ removal guide

MSIL/Kryptik.OKZ is the ESET detection name for a .NET (MSIL) backdoor sample that other engines identify as Bladabindi, better known as njRAT. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can MSIL/Kryptik.OKZ do?

The behaviours below are the sandbox (CAPE) signatures that fired when this sample was executed:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify MSIL/Kryptik.OKZ?

File Info:

name: 80BECCA736C04E319464.mlw
path: /opt/CAPEv2/storage/binaries/480c0f9cf4990bd02c948e9a1d88ec5b90b78e8f99962732e2bf4bdde634c6c7
crc32: 6AF8170E
md5: 80becca736c04e31946496a4eb1d479c
sha1: dcfab3b98178df89b87c453292d8f1439e46924c
sha256: 480c0f9cf4990bd02c948e9a1d88ec5b90b78e8f99962732e2bf4bdde634c6c7
sha512: 8ac26bf8f2215faeafbb46f7a18e7ca123c8ccf50c15721735cf44988fbcb832db1ab3093f7a29e0a10ce4f35621dfc49683d889d7304083b006d663b9a35857
ssdeep: 3072:NExOrSEtw1uR5xfjvX5Gu78NgET1yd6CA/F:NlrDljf18NgET1iA/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15F14D803359C41D7CE7C06B3B457B16D38D8AADA67678097BFCA33E14061B92CA6F918
sha3_384: 35ed61098106c794f6b4e405437780fb7cea82bc64a1b041930b4b66577c1beb5d286aff0f3cfd07712a8a61fea05e4e
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-01-30 21:52:40

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Microsoft
FileDescription: skype
FileVersion: 1.0.0.0
InternalName: skype.exe
LegalCopyright: Copyright © Microsoft 2018
LegalTrademarks:
OriginalFilename: skype.exe
ProductName: skype
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.OKZ is ESET's name for this sample; other engines detect it under the following names (vendor: detection):

Lionic: Trojan.MSIL.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
FireEye: Generic.mg.80becca736c04e31
McAfee: Artemis!80BECCA736C0
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.MSIL.Generic.ky
K7AntiVirus: Trojan ( 00525c001 )
Alibaba: Trojan:MSIL/Kryptik.8280d569
K7GW: Trojan ( 00525c001 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.OKZ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: Gen:Variant.Ursu.836470
NANO-Antivirus: Trojan.Win32.Bladabindi.exlfsf
MicroWorld-eScan: Gen:Variant.Ursu.836470
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Generic.Dztu
Ad-Aware: Gen:Variant.Ursu.836470
Comodo: Malware@#oohsd87z8sza
DrWeb: BackDoor.Bladabindi.13678
Zillya: Backdoor.PePatch.Win32.109319
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Ursu.836470 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.836470
Avira: TR/AD.Bladabindi.hpqrl
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.244949A
Microsoft: Backdoor:MSIL/Bladabindi
BitDefenderTheta: Gen:NN.ZemsilF.34084.mm0@aubrsHf
ALYac: Gen:Variant.Ursu.836470
VBA32: Backdoor.Bladabindi
Ikarus: Trojan.SuspectCRC
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.AP.1575729!tr
AVG: Win32:Malware-gen
Cybereason: malicious.736c04
Panda: Trj/GdSda.A
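As an added example (not code from this page or from GridinSoft), the Python below automates two things a reviewer otherwise does by eye on the File Info block and the detection list above. First, it sanity-checks the report: the stored binary name should equal the sha256; the entry-point bytes ff 25 00 20 40 00 are the 32-bit CLR loader stub (jmp dword ptr [0x402000], the IAT slot for mscoree!_CorExeMain), which is what makes a file typed "PE32 ... Intel 80386" a .NET binary; and a CompanyName of Microsoft on a file whose Authenticode signature is invalid is a masquerade rather than a provenance claim. Second, it splits the fused "VendorDetection" lines at known VirusTotal engine names and scores malware families by the number of distinct detection strings rather than by vendor count, so several vendors that share one engine's Gen:Variant.Ursu name do not outvote the independently worded Bladabindi/njRAT names. The report text and the subset of detection lines are constructed from the blocks above; the authenticode field is taken from the behaviour list rather than from the report itself, and the vendor list covers only the engines quoted.

```python
"""Triage helpers for a CAPE/VirusTotal-style report like the one on this page."""
import re
from collections import Counter

# Sample constructed from the File Info / Version Info blocks above. The
# "authenticode" line comes from the behaviour list, not from the report text.
REPORT = """\
name: 80BECCA736C04E319464.mlw
path: /opt/CAPEv2/storage/binaries/480c0f9cf4990bd02c948e9a1d88ec5b90b78e8f99962732e2bf4bdde634c6c7
md5: 80becca736c04e31946496a4eb1d479c
sha256: 480c0f9cf4990bd02c948e9a1d88ec5b90b78e8f99962732e2bf4bdde634c6c7
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: ff250020400000000000000000000000
CompanyName: Microsoft
OriginalFilename: skype.exe
authenticode: invalid
"""

# Constructed subset of the fused "VendorDetection" lines from the list above.
FUSED = """\
LionicTrojan.MSIL.Generic.4!c
AlibabaTrojan:MSIL/Kryptik.8280d569
ESET-NOD32a variant of MSIL/Kryptik.OKZ
BitDefenderGen:Variant.Ursu.836470
NANO-AntivirusTrojan.Win32.Bladabindi.exlfsf
MicroWorld-eScanGen:Variant.Ursu.836470
DrWebBackDoor.Bladabindi.13678
EmsisoftGen:Variant.Ursu.836470 (B)
AviraTR/AD.Bladabindi.hpqrl
MicrosoftBackdoor:MSIL/Bladabindi
BitDefenderThetaGen:NN.ZemsilF.34084.mm0@aubrsHf
VBA32Backdoor.Bladabindi
""".splitlines()

# Engine names quoted on the page, matched longest-first so that
# "BitDefenderTheta" is not read as "BitDefender" followed by "Theta...".
VENDORS = sorted(
    ["Lionic", "Alibaba", "ESET-NOD32", "BitDefender", "BitDefenderTheta",
     "NANO-Antivirus", "MicroWorld-eScan", "DrWeb", "Emsisoft", "Avira",
     "Microsoft", "VBA32", "McAfee", "McAfee-GW-Edition", "K7AntiVirus", "K7GW"],
    key=len, reverse=True)

FAMILIES = {  # case-insensitive regexes applied to the detection string
    "Bladabindi/njRAT": r"bladabindi|njrat",
    "Ursu": r"\bursu\b",
    "Kryptik": r"kryptik",
}


def parse_report(text):
    """Turn 'key: value' lines into a dict; the first colon separates key from value."""
    info = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            info[key.strip()] = value.strip()
    return info


def clr_stub_target(ep_bytes):
    """Return the jmp target if the entry point is the 32-bit CLR loader stub.

    'FF 25 imm32' is jmp dword ptr [imm32]. The stub jumps through the IAT slot
    holding mscoree!_CorExeMain; with ImageBase 0x400000 and .text at RVA 0x2000
    that slot is 0x402000. Any other entry-point prologue returns None.
    """
    if len(ep_bytes) < 6 or ep_bytes[:2] != b"\xff\x25":
        return None
    return int.from_bytes(ep_bytes[2:6], "little")


def triage(info):
    """Findings a reviewer wants before reading the behaviour list."""
    ep = bytes.fromhex(info.get("ep_bytes", ""))
    stored_name = info.get("path", "").rsplit("/", 1)[-1]
    return {
        "sha256_matches_stored_name": stored_name == info.get("sha256"),
        "clr_loader_stub": clr_stub_target(ep) is not None,
        "clr_stub_target": clr_stub_target(ep),
        # Claiming a reputable vendor is only a masquerade when no valid
        # signature backs it; the signature state is what decides.
        "unsigned_vendor_masquerade": (
            info.get("CompanyName", "").lower() == "microsoft"
            and info.get("authenticode", "").lower() != "valid"),
        "masquerades_as": info.get("OriginalFilename", ""),
    }


def split_vendor(line, vendors=VENDORS):
    """Split a fused 'VendorDetection' line at the longest known vendor prefix."""
    for vendor in vendors:
        if line.startswith(vendor):
            return vendor, line[len(vendor):].strip()
    return None, line


def family_consensus(lines):
    """Per family: (distinct detection strings, vendor count).

    Engine clones report byte-identical names (Gen:Variant.Ursu.836470 from
    several vendors, Emsisoft adding a '(B)' suffix), so the distinct count is
    the one that reflects independent attribution.
    """
    distinct, vendors = {f: set() for f in FAMILIES}, Counter()
    for line in lines:
        _, detection = split_vendor(line)
        norm = re.sub(r"\s*\(b\)$", "", detection.lower())  # drop Emsisoft's " (B)"
        for family, pattern in FAMILIES.items():
            if re.search(pattern, norm, re.I):
                distinct[family].add(norm)
                vendors[family] += 1
    return {f: (len(distinct[f]), vendors[f]) for f in FAMILIES}


if __name__ == "__main__":
    print(triage(parse_report(REPORT)))
    print(family_consensus(FUSED))
```

On the subset above the consensus comes out as five distinct Bladabindi/njRAT names against one Ursu string reported three times, which is the reading a practitioner should take from the full list as well: Ursu is a generic BitDefender-engine label, Bladabindi is the named family.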

How to remove MSIL/Kryptik.OKZ?

MSIL/Kryptik.OKZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
