About “MSIL/Kryptik.ZRL” infection

MSIL/Kryptik.ZRL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Kryptik.ZRL virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Collects information to fingerprint the system

How to identify MSIL/Kryptik.ZRL?


File Info:

crc32: 8D02931F
md5: a404ba1c876aaf170e18f6b4f39d12b0
name: A404BA1C876AAF170E18F6B4F39D12B0.mlw
sha1: 6a7f40ce4015aa528aa7cdbf90e749c805143ba4
sha256: d09274d4ae974f9b0bca5e78303559ff0f9ea23ea970c7cba2fe0e7564f39204
sha512: 6cd26c1895a5b4da3a86af1958b06abc692e94e3440d715916bbcb216c278dc31d917d12a39aef7f463a7a9041d68795584d23b118bebd87b86e8c9f1138ade2
ssdeep: 12288:CVoDIylYGLLAvWRNL3Ye1T593qFizWy0UPSDCWz5PapTrmi:Dl/LAvWX91zqMD0ESD/ipTrm
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright (C) 2019 Microsoft. All rights reserved
Assembly Version: 1.0.0.0
InternalName: x6c0fx57ceux592ax5546x7684Lx5b59x64ax62a.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft Corporation
LegalTrademarks:
Comments:
ProductName: Azure Data Studio
ProductVersion: 1.0.0.0
FileDescription: Azure Data Studio
OriginalFilename: x6c0fx57ceux592ax5546x7684Lx5b59x64ax62a.exe

MSIL/Kryptik.ZRL also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Packed2.42845
MicroWorld-eScan: Trojan.GenericKD.45744034
FireEye: Generic.mg.a404ba1c876aaf17
CAT-QuickHeal: Trojan.MSIL
ALYac: Trojan.GenericKD.45744034
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.MSIL.Crypt.4!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00577fba1 )
BitDefender: Trojan.GenericKD.45744034
K7GW: Trojan ( 00577fba1 )
Cybereason: malicious.c876aa
BitDefenderTheta: Gen:NN.ZemsilF.34608.Rm0@aahEVak
Cyren: W32/MSIL_Kryptik.DFR.gen!Eldorado
Symantec: Trojan.Gen.2
APEX: Malicious
Avast: Win32:RATX-gen [Trj]
Kaspersky: HEUR:Trojan.MSIL.Crypt.gen
Alibaba: Trojan:Win32/Kryptik.ali2000016
NANO-Antivirus: Trojan.Win32.Crypt.ilxdog
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Trojan.GenericKD.45744034
Emsisoft: Trojan.Crypt (A)
Zillya: Trojan.Kryptik.Win32.2896470
TrendMicro: TrojanSpy.MSIL.AZORULT.BD
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-R + Troj/Azorult-HG
Ikarus: Trojan.MSIL.Inject
Avira: TR/Kryptik.wfjmm
MAX: malware (ai score=87)
Antiy-AVL: Trojan/MSIL.Crypt
Microsoft: TrojanDownloader:MSIL/AgentTesla.LB!MTB
Gridinsoft: Trojan.Win32.Packed.oa
Arcabit: Trojan.Generic.D2B9FFA2
AhnLab-V3: Malware/Gen.RL_Reputation.C4339843
ZoneAlarm: HEUR:Trojan.MSIL.Crypt.gen
GData: Trojan.GenericKD.45744034
Cynet: Malicious (score: 100)
ESET-NOD32: a variant of MSIL/Kryptik.ZRL
McAfee: PWS-FCUF!A404BA1C876A
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.MalPack.PNG.Generic
Panda: Trj/GdSda.A
Zoner: Trojan.Win32.104796
TrendMicro-HouseCall: TrojanSpy.MSIL.AZORULT.BD
Yandex: Trojan.Crypt!3GYOlSlCMQE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/GenKryptik.FBUD!tr
AVG: Win32:RATX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Kryptik.HwMAYl0A

How to remove MSIL/Kryptik.ZRL?

MSIL/Kryptik.ZRL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
