IL:Trojan.MSILMamut.220 information

IL:Trojan.MSILMamut.220 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILMamut.220 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify IL:Trojan.MSILMamut.220?


File Info:

name: 1ED76F9F447DFBFA80A3.mlw
path: /opt/CAPEv2/storage/binaries/e0853fc0d3cfab7eb6cc39118b6f3dcae115807e24e962b8f6b7688d4fce4e00
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2017-07-08 10:36:23

Version Info:

Translation: 0x0000 0x04b0
Comments: The decryptor for the CryptoJoker ransomware
CompanyName: CryptoJoker A.E
FileDescription: CryptoJokerGUI
FileVersion: 1.0.0.0
InternalName: CryptoJoker.exe
LegalCopyright: Copyright © CryptoJoker 2017
LegalTrademarks:
OriginalFilename: CryptoJoker.exe
ProductName: CryptoJokerDecryptor
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILMamut.220 also known as:

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: IL:Trojan.MSILMamut.220
FireEye: IL:Trojan.MSILMamut.220
ALYac: IL:Trojan.MSILMamut.220
Cylance: Unsafe
Sangfor: Trojan.MSIL.CryptoJoker.C
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Ransom:MSIL/CryptJoke.f0477298
K7GW: Trojan ( 700000121 )
Cybereason: malicious.f447df
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Filecoder.CryptoJoker.C
APEX: Malicious
Paloalto: generic.ml
BitDefender: IL:Trojan.MSILMamut.220
NANO-Antivirus: Trojan.Win32.Filecoder.ewxwvj
Avast: Win32:RansomX-gen [Ransom]
Tencent: Malware.Win32.Gencirc.114931b8
Ad-Aware: IL:Trojan.MSILMamut.220
Sophos: Mal/Generic-R + Mal/Jokryp-A
F-Secure: Heuristic.HEUR/AGEN.1232325
Zillya: Trojan.Filecoder.Win32.9805
McAfee-GW-Edition: Ransomware-GFV!1ED76F9F447D
Emsisoft: IL:Trojan.MSILMamut.220 (B)
SentinelOne: Static AI – Suspicious PE
Avira: HEUR/AGEN.1232325
MAX: malware (ai score=96)
Microsoft: Ransom:MSIL/CryptJoke.B!bit
GData: IL:Trojan.MSILMamut.220
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win.Generic.C4425864
McAfee: Ransomware-GFV!1ED76F9F447D
VBA32: TScope.Trojan.MSIL
Malwarebytes: Ransom.CryptoJoker
Rising: Ransom.CryptoJoker!1.D0E2 (CLASSIC)
Ikarus: Trojan-Ransom.FileCrypter
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CryptoJoker.D!tr.ransom
BitDefenderTheta: Gen:NN.ZemsilF.34666.Im0@aeJP0wf
AVG: Win32:RansomX-gen [Ransom]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove IL:Trojan.MSILMamut.220?

IL:Trojan.MSILMamut.220 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
