
MSIL/Kryptik.OM removal instruction


MSIL/Kryptik.OM is ESET's name for a family of obfuscated .NET (MSIL) crypters: loaders that unpack another payload and run it. The sandbox behaviour and vendor names listed below (process hollowing, interaction with DarkComet registry keys, DrWeb's BackDoor.Comet.152) indicate that this sample delivers a DarkComet backdoor. When the infection is active you may notice unfamiliar processes in Task Manager, but because the payload is injected into another process, a clean-looking process list proves nothing. In this case it is advised to scan your computer with GridinSoft Anti-Malware and to compare suspect files against the hashes listed below.


Gridinsoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can the MSIL/Kryptik.OM virus do?

  • Executes a command line with the /C or /R argument, so the command shell terminates on completion; this can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Interacts with known DarkComet registry keys
  • Yara detections observed in process dumps, payloads or dropped files
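The first and sixth bullets (a self-terminating cmd.exe and "drops a binary and executes it") are the two behaviours easiest to turn into host-based detection logic. The script below is an added example, not one of CAPE's signatures; the events it runs over are constructed here, modelled on Sysmon Event ID 1 (process creation) and Event ID 11 (file creation) fields, and every path and file name in them is hypothetical. It flags cmd.exe launched with /C or /R, links a file-creation event to the later execution of that file by its creator, and reports shells spawned by a dropped binary as the stronger combined signal.

```python
"""Detection logic for two of the sandbox behaviours listed above.

Added example: not CAPE's signatures. Events are constructed, Sysmon-style
records (EventID 1 = process creation, EventID 11 = file creation).
"""
import re

# cmd.exe /C and /R both run one command and terminate; /K would keep the shell open.
SELF_TERMINATING = re.compile(r"(?i)(?:^|\s)/[cr](?:\s|$)")

# Constructed Sysmon-style events (not real telemetry); paths and names are hypothetical.
EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\stage1.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\update.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Roaming\update.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\stage1.exe",
     "CommandLine": r'"C:\Users\u\AppData\Roaming\update.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\u\AppData\Roaming\update.exe",
     "CommandLine": r"cmd.exe /C ping 127.0.0.1 -n 3"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe"'},   # interactive shell, benign
]


def is_self_terminating_shell(ev: dict) -> bool:
    """True for a process-creation event that starts cmd.exe with /C or /R."""
    return (ev.get("EventID") == 1
            and ev.get("Image", "").lower().endswith("\\cmd.exe")
            and SELF_TERMINATING.search(ev.get("CommandLine", "")) is not None)


def find_drop_and_execute(events: list) -> list:
    """Return (dropper, dropped_binary) pairs where the dropper later executes what it wrote."""
    dropped = {}            # lowercase dropped path -> image that created it
    hits = []
    for ev in events:
        if ev.get("EventID") == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev.get("EventID") == 1:
            dropper = dropped.get(ev.get("Image", "").lower())
            if dropper and dropper.lower() == ev.get("ParentImage", "").lower():
                hits.append((dropper, ev["Image"]))
    return hits


def analyse(events: list) -> dict:
    """Run both checks; shells spawned by a dropped binary are reported separately."""
    chains = find_drop_and_execute(events)
    dropped_images = {child.lower() for _, child in chains}
    shells = [ev for ev in events if is_self_terminating_shell(ev)]
    return {
        "self_terminating_shells": [ev["CommandLine"] for ev in shells],
        "shells_from_dropped_binary": [ev["CommandLine"] for ev in shells
                                       if ev.get("ParentImage", "").lower() in dropped_images],
        "drop_and_execute": chains,
    }


if __name__ == "__main__":
    for key, value in analyse(EVENTS).items():
        print(key, value)
```

On the constructed events the interactive cmd.exe under explorer.exe is not reported, while the /C shell whose parent is the dropped update.exe lands in both the per-event list and the combined drop-then-shell list. A real deployment would key the file-creation lookup on process GUIDs rather than image paths, since the path alone cannot distinguish two processes with the same name.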

How to identify MSIL/Kryptik.OM?

File Info:

name: 75066EFC0025247E3E59.mlw
path: /opt/CAPEv2/storage/binaries/5000d6b4daf1a4157cbbf0f8da56fc99335737f204156038dc1a53946575a473
crc32: 66430E9C
md5: 75066efc0025247e3e591de02f96508c
sha1: 87fc39783e0cdc1733aa0abec1070305b4f4eaba
sha256: 5000d6b4daf1a4157cbbf0f8da56fc99335737f204156038dc1a53946575a473
sha512: 451111ec407bda22f01822087b97ecf23b46f453032068c30ce0b81f9e4de4d0ab5a024d346c8acdab385f5128ee6d0c976696798b37c5eeaf4c0ce9d7513c18
ssdeep: 12288:aK2mhAMJ/cPleiLy5S446zelzhOVMU7TAjxpXtcWSYTbVA00:r2O/GleiLyJ47hOqOTAjXM+ZA00
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C056C52F389ACE9E80325B59C7ED9212047BE7D49B9510D764F722A96F334320A7E0F
sha3_384: 16e509671489da23fbeb71f10122388867b3de7078f774adf1d9214fb1422b3dfcd9068c86d17e1f81554946780b77b8
ep_bytes: e8e3feffff33c050505050e89f300000
timestamp: 2012-06-09 13:19:49

Version Info:

0: [No Data]
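The File Info block gives everything needed to check a suspect file offline: the hashes, the first 16 bytes at the entry point (CAPE's "ep_bytes"), and the fact that the sample carries overlay data and an invalid Authenticode signature. The script below is an added example, not GridinSoft's or CAPE's code. It hashes a file and compares the result with the hashes on this page, parses the PE header far enough to read the entry-point bytes, measures data appended after the last section, and reports whether a Security (Authenticode) data directory is present at all. The minimal PE32 image built by build_test_pe() is a synthetic stand-in for self-testing, not the sample itself.

```python
"""Offline triage against the File Info block above.

Added example, not GridinSoft's or CAPE's code. The PE image produced by
build_test_pe() is constructed for self-testing and is not the real sample.
"""
import hashlib
import struct

# Indicators copied from the File Info section of the page.
KNOWN_HASHES = {
    "md5": "75066efc0025247e3e591de02f96508c",
    "sha1": "87fc39783e0cdc1733aa0abec1070305b4f4eaba",
    "sha256": "5000d6b4daf1a4157cbbf0f8da56fc99335737f204156038dc1a53946575a473",
}
KNOWN_EP_BYTES = bytes.fromhex("e8e3feffff33c050505050e89f300000")


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE32/PE32+ header: entry point, sections, Security directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: data directories start at optional header + 96
        dir_count_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+: data directories start at optional header + 112
        dir_count_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dir_count = struct.unpack_from("<I", data, dir_count_off)[0]
    # IMAGE_DIRECTORY_ENTRY_SECURITY is index 4; its "VA" is a raw file offset, not an RVA.
    security = struct.unpack_from("<II", data, dir_base + 4 * 8) if dir_count > 4 else (0, 0)
    sections, table = [], opt + opt_size
    for i in range(num_sections):
        off = table + i * 40
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": data[off:off + 8].rstrip(b"\0"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    end_of_sections = max([s["rawptr"] + s["rawsize"] for s in sections] + [table + num_sections * 40])
    return {"entry_rva": entry_rva, "sections": sections,
            "end_of_sections": end_of_sections, "security_dir": security}


def rva_to_offset(pe: dict, rva: int) -> int:
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError("RVA 0x%x maps to no section" % rva)


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    digests = file_hashes(data)
    return {
        "hash_match": any(digests[alg] == known for alg, known in KNOWN_HASHES.items()),
        "ep_match": data[ep_off:ep_off + 16] == KNOWN_EP_BYTES,
        # Bytes past the last section's raw data: CAPE's "Sample contains Overlay data".
        "overlay_bytes": max(0, len(data) - pe["end_of_sections"]),
        # Presence of the directory only; validity needs a real Authenticode verifier.
        "has_security_dir": pe["security_dir"][1] != 0,
    }


def build_test_pe(ep_code: bytes, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 with one .text section at RVA 0x1000 (test input, not the sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                              # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    sect = (b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
            + b"\0" * 12 + struct.pack("<I", 0x60000020))
    header = (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return header + ep_code.ljust(0x200, b"\0") + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(triage(build_test_pe(KNOWN_EP_BYTES, b"OVERLAY!")))
```

Given a path argument it prints the triage result for that file; with none it runs on the synthetic image, which matches the entry-point bytes and carries eight bytes of overlay but, being constructed, matches none of the hashes. A hash match is conclusive for this exact sample; an entry-point match alone only says the file was built with the same packer stub, since a crypter family shares that code across many payloads.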

MSIL/Kryptik.OM also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Xegumumune.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Krypt.11
FireEye: Generic.mg.75066efc0025247e
Skyhigh: BehavesLike.Win32.AgentTesla.bc
McAfee: Artemis!75066EFC0025
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Kryptik.Win32.4713018
Sangfor: Spyware.Msil.Xegumumune.Vxij
K7AntiVirus: Trojan ( 004f8a7d1 )
Alibaba: TrojanSpy:MSIL/Xegumumune.7b43fb42
K7GW: Trojan ( 004f8a7d1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Kryptik.OM
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan-Spy.MSIL.Xegumumune.gen
BitDefender: Gen:Heur.MSIL.Krypt.11
NANO-Antivirus: Trojan.Win32.Androm.dhyalx
Tencent: Msil.Trojan-Spy.Xegumumune.Qwhl
Emsisoft: Gen:Heur.MSIL.Krypt.11 (B)
F-Secure: Trojan.TR/Dropper.MSIL.Gen
DrWeb: BackDoor.Comet.152
VIPRE: Gen:Heur.MSIL.Krypt.11
Sophos: Mal/Generic-S
Paloalto: generic.ml
Jiangmin: Trojan.Generic.ukku
Google: Detected
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=82)
Antiy-AVL: Trojan/MSIL.Kryptik
Kingsoft: Win32.HeurC.KVM007.a
Microsoft: Trojan:Win32/Phonzy.A!ml
Arcabit: Trojan.MSIL.Krypt.11 [many]
ZoneAlarm: HEUR:Trojan-Spy.MSIL.Xegumumune.gen
GData: Gen:Heur.MSIL.Krypt.11 (2x)
Varist: W32/ABRisk.EDXN-3667
BitDefenderTheta: Gen:NN.ZemsilF.36804.im0@aatuDKii
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H0DCU24
Rising: Malware.FakePDF/ICON!1.9C3A (CLASSIC)
Yandex: Trojan.Kryptik!M+hyWteBsoY
Ikarus: Backdoor.Win32.Androm
MaxSecure: Trojan.Malware.74266564.susgen
Fortinet: MSIL/Kryptik.OM!tr
AVG: Win32:BackdoorX-gen [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan[spy]:MSIL/Xegumumune.gen

How to remove MSIL/Kryptik.OM?

MSIL/Kryptik.OM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
