Should I remove “MSIL/Kryptik.YWO”?

The MSIL/Kryptik.YWO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.YWO virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/Kryptik.YWO?


File Info:
name: D8AA5BBFEA1CF8F8EEB9.mlw
path: /opt/CAPEv2/storage/binaries/6458493f87177661ab86190dedcd50a8983a387c7fe257cc9d0fd23625da8aba
crc32: C0B86FD5
md5: d8aa5bbfea1cf8f8eeb954e5938362a3
sha1: 8e700330eea189d9c8ed8acb4ff839898b43eb3b
sha256: 6458493f87177661ab86190dedcd50a8983a387c7fe257cc9d0fd23625da8aba
sha512: 82d5eae86d55de3846a741f1ec9998cf336a9b0396ee9ecd5c2349b81c2aced07ffdbdb4e9dda2c61e531d927a0f11f7488421a6f5d4bc9fd17210d3e9f94c86
ssdeep: 1536:4rAO9qUwX5MVa2HJGlfWos2/PDa9JL5+9w1JEyBl68l1X+ZaASoUSgrp/9rq4FvL:4r8DAJygJN76aOZaASxSYp5BFec
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T127738E66D3AFCB8EC81D19B1196B069DFD898EDC4933E3E5D0DDD07211CB09826D26A3
sha3_384: a52831bdd665c020973584571c279b811db741786f5763d2b5de95aeeb145f225fd225ed3af97f271348fd6ff8ef1bb2
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-22 17:27:22

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: WcfService1
FileVersion: 1.0.0.0
InternalName: WcfService1.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: WcfService1.exe
ProductName: WcfService1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Kryptik.YWO also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.MSIL.Androm.3
FireEye	Generic.mg.d8aa5bbfea1cf8f8
McAfee	Artemis!D8AA5BBFEA1C
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005747cb1 )
K7GW	Trojan ( 005747cb1 )
Cybereason	malicious.fea1cf
ESET-NOD32	a variant of MSIL/Kryptik.YWO
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	UDS:Backdoor.MSIL.Bladabindi.gen
BitDefender	Gen:Heur.MSIL.Androm.3
Avast	RATX-gen [Trj]
Ad-Aware	Gen:Heur.MSIL.Androm.3
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Heur.MSIL.Androm.3 (B)
SentinelOne	Static AI – Malicious PE
GData	MSIL.Backdoor.Bladabindi.GV8HF6
Avira	TR/Dropper.Gen
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.34742.em0@aKGQxKl
ALYac	Gen:Heur.MSIL.Androm.3
MAX	malware (ai score=89)
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:oI77Irof8urWkRxV6OKjiQ)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.YWO!tr
AVG	RATX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/Kryptik.YWO?

MSIL/Kryptik.YWO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X