MSIL/Kryptik.QPE (file analysis)

The MSIL/Kryptik.QPE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.QPE virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/Kryptik.QPE?


File Info:
name: 659CBCC428A122B47658.mlw
path: /opt/CAPEv2/storage/binaries/812557c2aa0d39df9ba8e8c5f2ca460581fbe945925e41cc6eef541b60000da6
crc32: 2C5B2806
md5: 659cbcc428a122b47658ca81df6fad77
sha1: 1dc553a58733657de0f7f85dbf46c634dab4ff59
sha256: 812557c2aa0d39df9ba8e8c5f2ca460581fbe945925e41cc6eef541b60000da6
sha512: 98b8057068185e8b476d2589cc6e500f68b96ec139e7872431f92b7d3d85d76e6d44fed34428da7ff522b7bbd728d3d4521a780ef9d9b4ad4e164680b2c97b1e
ssdeep: 12288:3qgptCgj6RISXudHbOK93G9c6WXuVkkG62Pz3Q2DZyh+yAEb3JMWdFjxWc:3LCKsIyuFbQc6NkZcuZyhiWR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C15F1B6788295ACC50D4B35247755C0BAB72ACA3DE5CE0DB0DD430C5F2272BB352B6A
sha3_384: c20f46f095557c75d110da860a6be766b79e01c55a846277c1ad58058a34e091f853cd67cd763d2bf46562b84a0b7b30
ep_bytes: ff250020400000000000000000000000
timestamp: 2006-11-27 09:07:58

Version Info:
Translation: 0x0000 0x04b0
Comments: Random comments
CompanyName: Company name
FileDescription: IIS request monitor
FileVersion: 1.0.0.0
InternalName: 70014.exe
LegalCopyright: Copyright © 2008 - 2018. All rights reserved.
OriginalFilename: 70014.exe
ProductName: IIS request monitor
ProductVersion: 1.0.0.0
Assembly Version: 0.0.0.0

MSIL/Kryptik.QPE also known as:

Lionic	Trojan.Win32.Razy.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.MSIL.Benin.3
FireEye	Generic.mg.659cbcc428a122b4
McAfee	Packed-FPW!659CBCC428A1
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.MSIL.Agent.aeacv
K7AntiVirus	Trojan ( 00545e451 )
Alibaba	Trojan:MSIL/Kryptik.3168ee81
K7GW	Trojan ( 00545e451 )
CrowdStrike	win/malicious_confidence_60% (D)
Cyren	W32/MSIL_Injector.QK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.QPE
APEX	Malicious
Kaspersky	Trojan.MSIL.Agent.aeacv
BitDefender	Gen:Heur.MSIL.Benin.3
NANO-Antivirus	Trojan.Win32.Kryptik.fnyloy
Avast	Win32:Trojan-gen
Tencent	Msil.Trojan.Agent.Wpaa
Ad-Aware	Gen:Heur.MSIL.Benin.3
Sophos	Mal/Generic-S
Comodo	Malware@#32pa5vpxf07hb
Zillya	Trojan.Kryptik.Win32.1599087
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Emsisoft	Gen:Heur.MSIL.Benin.3 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.MSIL.Benin.3
Avira	HEUR/AGEN.1101621
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Generic.ASMalwS.2A6A38A
Arcabit	Trojan.MSIL.Benin.3
Microsoft	Trojan:Win32/Occamy.C
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Generic.C4399008
BitDefenderTheta	Gen:NN.ZemsilF.34062.2m0@amnUbdo
Yandex	Trojan.Agent!tn6FNQvMoWY
Ikarus	Trojan.MSIL.Crypt
Fortinet	MSIL/Kryptik.QRG!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.428a12
Panda	Trj/GdSda.A

How to remove MSIL/Kryptik.QPE?

MSIL/Kryptik.QPE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X