How to remove “MSIL/Kryptik.VK”?

MSIL/Kryptik.VK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.VK virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys
  • Uses suspicious command line tools or Windows utilities

How to identify MSIL/Kryptik.VK?

File Info:

name: CBAF7AC2DF4B8B4DAD08.mlw
path: /opt/CAPEv2/storage/binaries/a5ec7bb2aaf538dcbd2c468c18986f58ff5e82d8211f16472bbbca0d42741c23
crc32: 47477397
md5: cbaf7ac2df4b8b4dad08ccbd1791f633
sha1: 5aeb2037573d036b3c5dc9bedc4a88f35c4ddc49
sha256: a5ec7bb2aaf538dcbd2c468c18986f58ff5e82d8211f16472bbbca0d42741c23
sha512: 8d4706091060ab9cd58996eba75bd21a2fe624208ed3a7ae29662f33e0df44146041f50bf3509f50df63d7c2d56107be95da39a08e1a224f31e110d2d5d0df13
ssdeep: 1536:S5Ywii2dTMsPlmfBjzrxXDfl5/XHxe/A2EkUn/gy3uPDLXEE1goVP:SAtPzy3uHXEE1gg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B3448E3E58BE263BC578E2BA8FD98927F481D9377012AD3998D30765C74594336C223E
sha3_384: 6e1313a49b21f33f0cf89a9e8d16d7519e6687a2cfa2ff7122b2b624069bf16876bb96d203a7e7b39e8c5d56637229ff
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-12-06 19:02:42

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 1.0.0.0
InternalName: svchost.exe
LegalCopyright:
OriginalFilename: svchost.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.VK also known as:

Lionic: Trojan.Win32.Generic.miOe
Elastic: malicious (high confidence)
DrWeb: BackDoor.Bladabindi.1702
MicroWorld-eScan: Gen:Heur.Variadic.A.348.1
FireEye: Generic.mg.cbaf7ac2df4b8b4d
ALYac: Gen:Heur.Variadic.A.348.1
Cylance: Unsafe
K7AntiVirus: Trojan ( 004ba6981 )
Alibaba: Trojan:MSIL/Kryptik.c7826b0c
K7GW: Trojan ( 004ba6981 )
Cybereason: malicious.2df4b8
BitDefenderTheta: Gen:NN.ZemsilF.34062.pm0@aat1lXb
Cyren: W32/Trojan.DIS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.VK
TrendMicro-HouseCall: TROJ_GEN.R002C0PL621
Paloalto: generic.ml
ClamAV: Win.Packed.Gamarue-7752012-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Variadic.A.348.1
Tencent: Win32.Trojan.Generic.Tbit
Ad-Aware: Gen:Heur.Variadic.A.348.1
Emsisoft: Gen:Heur.Variadic.A.348.1 (B)
TrendMicro: TROJ_GEN.R002C0PL621
McAfee-GW-Edition: BehavesLike.Win32.Generic.dz
Sophos: Mal/Generic-S
GData: Gen:Heur.Variadic.A.348.1
Jiangmin: TrojanSpy.MSIL.esg
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34E5F96
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/MSILKrypt09.Exp
McAfee: GenericRXFQ-KZ!CBAF7AC2DF4B
MAX: malware (ai score=84)
VBA32: CIL.StupidStealth.Heur
Malwarebytes: Trojan.Agent
Panda: Trj/GdSda.A
APEX: Malicious
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.DN.10E8A3!tr
AVG: MSIL:Downloader-LX [Trj]
Avast: MSIL:Downloader-LX [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/Kryptik.VK?

MSIL/Kryptik.VK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.