MSIL/Riskware.Crypter.GD malicious file

MSIL/Riskware.Crypter.GD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Riskware.Crypter.GD virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify MSIL/Riskware.Crypter.GD?

File Info:

name: 48972BC5287B75F3288B.mlw
path: /opt/CAPEv2/storage/binaries/d64f449c9cf93d99d8d365fc5c33a4ffd502f2e87a66fb6945c93ed8f698f82e
crc32: 967A6E04
md5: 48972bc5287b75f3288b2c85aa26c5c5
sha1: 73ce228b9a8a52ca59a041b871fedb38d4a8fe46
sha256: d64f449c9cf93d99d8d365fc5c33a4ffd502f2e87a66fb6945c93ed8f698f82e
sha512: df777bec244615461f0d61d289a4c6608cb5fc6b0ee54073c2fe75fc1fdbc5a19ab129d35a0ef83e80f15c3e8bfd12a4581572a19123e505ba078911db5911e9
ssdeep: 98304:o9J34mJnUg7gitUsrtB0Q6kvUocPa5/LzWXDF:ovImJnUertUsr0+vbcPa9zWXDF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18706233136D2C4E7C506477845B8F67EB5AC2CF2FE6E01B375183BEDBA38A806151296
sha3_384: 6e0c349c0f4e7f602a2e84bd2e609b12d715e6310c2add33149773e8d1e5661a662093ac0fa5d5b4f625279522691a63
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2015-07-17 06:47:19

Version Info:

Translation: 0x0000 0x04b0
Comments: [ Master ] Advanced Keylogger 3 Final
CompanyName: THE LORD
FileDescription: [ Master ] Advanced Keylogger 3 Final
FileVersion: 1.0.0.0
InternalName: [ Master ] Advanced Keylogger v.3 Final.exe
LegalCopyright: Copyright © THE LORD 2015
LegalTrademarks: [ Master ] Advanced Keylogger 3 Final
OriginalFilename: [ Master ] Advanced Keylogger v.3 Final.exe
ProductName: [ Master ] Advanced Keylogger 3 Final
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Riskware.Crypter.GD is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.myc9
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.30972987
FireEye: Generic.mg.48972bc5287b75f3
ALYac: Trojan.GenericKD.30972987
Cylance: Unsafe
Zillya: Tool.Crypter.Win32.184
Alibaba: RiskWare:MSIL/Crypter.3a35a9e4
Cybereason: malicious.5287b7
BitDefenderTheta: Gen:NN.ZexaF.34294.Lt0@aePqG4f
Cyren: W32/Symmi.O.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Riskware.Crypter.GD
APEX: Malicious
BitDefender: Trojan.GenericKD.30972987
NANO-Antivirus: Trojan.Win32.XtremeRat.duheqg
Avast: Win32:Malware-gen
Tencent: Msil.Risk.Riskware.Pegd
Ad-Aware: Trojan.GenericKD.30972987
Sophos: Mal/Generic-S
Comodo: Malware@#34miqqgsd92xe
DrWeb: BackDoor.XtremeRat.27
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Emsisoft: Trojan.GenericKD.30972987 (B)
GData: Trojan.GenericKD.30972987
Webroot: System.Monitor.Keylogger.Gen
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!48972BC5287B
MAX: malware (ai score=100)
TrendMicro-HouseCall: TROJ_GEN.R002H0CKQ21
Rising: Trojan.Generic@ML.100 (RDML:sSlhmy8Y12YDZqqfWtP6jg)
Yandex: Riskware.Crypter!r+4T31/zTXc
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: Riskware/Crypter
AVG: Win32:Malware-gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/Riskware.Crypter.GD?

MSIL/Riskware.Crypter.GD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
