About “IL:Trojan.MSILMamut.243” infection

The IL:Trojan.MSILMamut.243 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILMamut.243 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine IL:Trojan.MSILMamut.243?


File Info:
name: 6CE1E96AC8B9572478B5.mlw
path: /opt/CAPEv2/storage/binaries/5f211503f45347e0882750c570690319efdf94a728611e213d23407d951f3a12
crc32: EAA1D162
md5: 6ce1e96ac8b9572478b5bb83888be04b
sha1: 4b92a7792f37bda4c331008d89e939840b767979
sha256: 5f211503f45347e0882750c570690319efdf94a728611e213d23407d951f3a12
sha512: 673179e51585189bb6f723581c606e1897977c9a6a48999fd7800dae8b345f6e3a9935599465d54e78058d571ec1162266dfa8f71be954955835426f86cc2171
ssdeep: 1536:WhUtJlegpnKz4AwtwB09HFBOAgzetOlFFtBX+rnPUs11OFgy5:WhPgpnK8hpxFBOCtOlFVO8n
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E693372CE7C0B103DCED4D785B54B69C83327E1374006B695AF166285221F7BFAF899A
sha3_384: 977357f82bf212c98a5e02139fb68263bcebf5fec08c4a958e87d44e0a7c1238465b7e250c6cf19a48b3ad64b24c2d73
ep_bytes: ff2500204000d5cf7a65fbcb08cf3d00
timestamp: 2050-03-20 21:19:15

Version Info:
Translation: 0x0000 0x04b0
CompanyName: sqlsrvs
FileDescription: sqlsrvs
FileVersion: 1.0.0.0
InternalName: sqlsrvs.dll
LegalCopyright:  
OriginalFilename: sqlsrvs.dll
ProductName: sqlsrvs
ProductVersion: 1.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILMamut.243 also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Mamut.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILMamut.243
FireEye	Generic.mg.6ce1e96ac8b95724
ALYac	IL:Trojan.MSILMamut.243
Cylance	Unsafe
VIPRE	IL:Trojan.MSILMamut.243
Alibaba	Trojan:MSIL/Kryptik.b3e4f127
K7GW	Trojan ( 0057a7dd1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AAIC
APEX	Malicious
ClamAV	Win.Packed.Msilmamut-9958037-0
BitDefender	IL:Trojan.MSILMamut.243
Avast	Win32:TrojanX-gen [Trj]
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:1Y5iuc0p6CyKFBt/uXzfew)
Ad-Aware	IL:Trojan.MSILMamut.243
Emsisoft	IL:Trojan.MSILMamut.243 (B)
F-Secure	Heuristic.HEUR/AGEN.1222418
TrendMicro	TROJ_GEN.R002C0PHB22
McAfee-GW-Edition	GenericRXTM-PB!6CE1E96AC8B9
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	IL:Trojan.MSILMamut.243
Google	Detected
Avira	HEUR/AGEN.1222418
MAX	malware (ai score=82)
Antiy-AVL	Trojan/MSIL.Kryptik
Arcabit	IL:Trojan.MSILMamut.243
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4526993
Acronis	suspicious
McAfee	GenericRXTM-PB!6CE1E96AC8B9
Malwarebytes	Malware.AI.2878892006
TrendMicro-HouseCall	TROJ_GEN.R002C0PHB22
Fortinet	PossibleThreat
BitDefenderTheta	Gen:NN.ZemsilF.34592.fm0@aeFe3Pf
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.92f37b

How to remove IL:Trojan.MSILMamut.243?

IL:Trojan.MSILMamut.243 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X