Malware

MSIL/Kryptik.UJJ (file analysis)

Malware Removal

The MSIL/Kryptik.UJJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Kryptik.UJJ virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine MSIL/Kryptik.UJJ?



File Info:

name: 499015563CE34C06E26D.mlw
path: /opt/CAPEv2/storage/binaries/67e2f39e7ba5900123f637b6f5e0c9dc372e3929b244e30ed7dd38da67af1456
crc32: 2DB77E98
md5: 499015563ce34c06e26d7e9467abdb52
sha1: c515a52b2b6397b77a11a489172eb4bc441e7a19
sha256: 67e2f39e7ba5900123f637b6f5e0c9dc372e3929b244e30ed7dd38da67af1456
sha512: 32e8de1781b29c243aff4200007f9234b0e7859af876639b7900ac8473f763cc8436d39701913384ae2c9dd01fcde42ad5e7b22f0b19aac5fbb91fc4d6eb8fe7
ssdeep: 12288:nbwVoQBtWhRgt05lLHM5qithE66+9DMXJxpni+LvycA3Ycd5aCq:bwn85iEithEI9mbhi+e13Y25w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13AE4D091F2B8BA71CA774233C8E75D3507A6AE96E333FF8E1A1D72590E731224912153
sha3_384: 32f4bda7f617b8acedad51d3fb3bd72d077c6fdcf873a9be4d60f8317a8a3a51745e448ce8400874f18f491931c3a9cb
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-01-19 07:18:39


Version Info:

Translation: 0x0000 0x04b0
Comments: A simple stat viewer and management utility for Pi-Hole software
CompanyName: Justin Boughton
FileDescription: ManHole
FileVersion: 1.2.2.0
InternalName: ManHole.exe
LegalCopyright: Copyright ©2018 Justin Boughton
LegalTrademarks: 
OriginalFilename: ManHole.exe
ProductName: ManHole
ProductVersion: 1.2.2.0
Assembly Version: 1.2.2.0

MSIL/Kryptik.UJJ also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.MSILPerseus.207837
FireEyeGeneric.mg.499015563ce34c06
CAT-QuickHealBackdoor.MSIL
McAfeeArtemis!499015563CE3
MalwarebytesTrojan.Crypt.MSIL
ZillyaTrojan.Kryptik.Win32.1912597
K7AntiVirusTrojan ( 0055f1a91 )
AlibabaTrojan:Win32/runner.ali1000123
K7GWTrojan ( 0055f1a91 )
Cybereasonmalicious.63ce34
BitDefenderThetaGen:NN.ZemsilF.34182.Pq0@am8vMze
CyrenW32/MSIL_Agent.BBP.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Kryptik.UJJ
TrendMicro-HouseCallTROJ_GEN.R002C0GLI21
Paloaltogeneric.ml
KasperskyHEUR:Backdoor.MSIL.NanoBot.gen
BitDefenderGen:Variant.MSILPerseus.207837
AvastWin32:Trojan-gen
TencentMsil.Backdoor.Nanobot.Peps
EmsisoftGen:Variant.MSILPerseus.207837 (B)
McAfee-GW-EditionBehavesLike.Win32.Generic.jc
SophosML/PE-A
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1143908
Antiy-AVLTrojan/Generic.ASMalwS.2FDE654
MicrosoftBackdoor:Win32/Bladabindi!ml
GDataGen:Variant.MSILPerseus.207837
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.C3985308
VBA32TScope.Trojan.MSIL
ALYacGen:Variant.MSILPerseus.207837
MAXmalware (ai score=82)
CylanceUnsafe
APEXMalicious
RisingMalware.Obfus/MSIL@AI.97 (RDM.MSIL:fSmOxo3pu4D7vZS9oA5rOg)
YandexTrojan.Kryptik!ycOQUvUID0g
FortinetMSIL/NanoBot.JLK!tr.bdr
AVGWin32:Trojan-gen
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_90% (W)

How to remove MSIL/Kryptik.UJJ?

MSIL/Kryptik.UJJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment