About “MSIL/Kryptik.PUY” infection

The MSIL/Kryptik.PUY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.PUY virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Kryptik.PUY?


File Info:
name: 0DC69B46438ABD6D7700.mlw
path: /opt/CAPEv2/storage/binaries/252f49e709d6cd514715b8b5fb7a5ff4fb5d92da9c09ad570a8a3359e94f0175
crc32: B4F55584
md5: 0dc69b46438abd6d7700686fd4cc14a2
sha1: 25cbf44109b2a1191abccb1f42f4dd70fbd71412
sha256: 252f49e709d6cd514715b8b5fb7a5ff4fb5d92da9c09ad570a8a3359e94f0175
sha512: 6657eb415e6b44de3211a0de53f84343c23f3b9b95697a9b4802b41163d8f180092de761e69dc09d4bb2152b8c43a759e15842a3dfe9df6d4ab5a34e6a5e5188
ssdeep: 49152:G+jLZlei7w/DYpfFMzM//DKd4/8HuDJX:G+Dp7wc9IMnDoG8sJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13AA59C5776648E00C2312232C0DB866047E46F912762E616F98F739B1E12BAFFD5E1DE
sha3_384: a67591832ad16b55f7fe95dd80d754c6e34626fc44d79bbb72e92720ab9c83e43bfe52d22a57fefafa8b52ebc3c24507
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-10-11 17:18:30

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: Handlist
FileDescription: Hoppes
FileVersion: 3.2.2.7
InternalName: SNES.net.exe
LegalCopyright: Copyright © 2008-2018 Handlist
LegalTrademarks: 
OriginalFilename: SNES.net.exe
ProductName: Hoppes
ProductVersion: 3.2.2.7
Assembly Version: 3.2.2.7

MSIL/Kryptik.PUY also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Fareit.4!c
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win32.AgentTesla.vc
McAfee	Artemis!0DC69B46438A
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.Kryptik.Win32.1527715
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0053eaeb1 )
Alibaba	TrojanPSW:MSIL/Fareit.2c846f74
K7GW	Trojan ( 0053eaeb1 )
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.PUY
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-PSW.MSIL.Fareit.gen
NANO-Antivirus	Trojan.Win32.Fareit.hsygzp
Avast	Win32:MalwareX-gen [Trj]
Tencent	Malware.Win32.Gencirc.1157e263
F-Secure	Heuristic.HEUR/AGEN.1324071
FireEye	Generic.mg.0dc69b46438abd6d
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Crypt
Jiangmin	Trojan.PSW.MSIL.fem
Webroot	W32.Trojan.Gen
Google	Detected
Avira	HEUR/AGEN.1324071
Antiy-AVL	Trojan[PSW]/MSIL.Fareit
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#yg0hjc7qv263
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Fareit.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
BitDefenderTheta	Gen:NN.ZemsilF.36744.bs0@aKEzdPe
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!8.8 (CLOUD)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Generic.AP.14BE32A!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.109b2a
DeepInstinct	MALICIOUS

How to remove MSIL/Kryptik.PUY?

MSIL/Kryptik.PUY removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X