IL:Trojan.MSILMamut.243 (B) (file analysis)

The IL:Trojan.MSILMamut.243 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILMamut.243 (B) virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine IL:Trojan.MSILMamut.243 (B)?


File Info:
name: F3DF7445F81ED907C4EF.mlw
path: /opt/CAPEv2/storage/binaries/d9add6b9639ca4f95a5d9ae6923f88d3e678194005777142aa5a5e4afda2c76b
crc32: 55DDB9BE
md5: f3df7445f81ed907c4ef5ff537ba9108
sha1: 0e0bb679f266faca0408c952d2c52e1c22c9136a
sha256: d9add6b9639ca4f95a5d9ae6923f88d3e678194005777142aa5a5e4afda2c76b
sha512: 57752fe9d41d9b5f67124b58f1199ffda9da9cb1fc9efc10222349178edcaf9abde836a4bdaae09e5ab7da6dc203acb13b4b45fdb8956bb170c2a6221f3bafae
ssdeep: 3072:509G0oU6Hza7KKVF6ZxfLuqhK2SiePUvhrNbDpW6:aGE6NuqhK2SiBb0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16DE34928FBD4B132CCECECB45740B39C4336BE5770206B586AD176188614E77FA7899A
sha3_384: c70702434dc299057745b347bc4ea3154565d0d89547031a8115a689c9494c2de49cd43d7cec3bb26cc7a3b756b6a7c7
ep_bytes: ff25002040004d91683de5347731dbad
timestamp: 2055-11-15 17:10:52

Version Info:
Translation: 0x0000 0x04b0
CompanyName: sqlsrvs
FileDescription: sqlsrvs
FileVersion: 1.0.0.0
InternalName: sqlsrvs.dll
LegalCopyright:  
OriginalFilename: sqlsrvs.dll
ProductName: sqlsrvs
ProductVersion: 1.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILMamut.243 (B) also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILMamut.243
ALYac	IL:Trojan.MSILMamut.243
K7AntiVirus	Trojan ( 005982a51 )
Alibaba	Trojan:MSIL/Kryptik.699e55f4
K7GW	Trojan ( 005982a51 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AAIC
APEX	Malicious
ClamAV	Win.Packed.Msilmamut-9958037-0
Kaspersky	VHO:Trojan.MSIL.Exnet.gen
BitDefender	IL:Trojan.MSILMamut.243
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	IL:Trojan.MSILMamut.243
Emsisoft	IL:Trojan.MSILMamut.243 (B)
VIPRE	IL:Trojan.MSILMamut.243
McAfee-GW-Edition	GenericRXTI-AA!F3DF7445F81E
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.f3df7445f81ed907
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
GData	IL:Trojan.MSILMamut.243
Google	Detected
Avira	HEUR/AGEN.1222418
MAX	malware (ai score=86)
Arcabit	IL:Trojan.MSILMamut.243
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4526993
Acronis	suspicious
McAfee	GenericRXTI-AA!F3DF7445F81E
Malwarebytes	Malware.AI.182686966
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:fpV6Y8AanZ/1IZzM+TFZ0w)
BitDefenderTheta	Gen:NN.ZemsilF.34726.im0@a0H1OEn
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.9f266f

How to remove IL:Trojan.MSILMamut.243 (B)?

IL:Trojan.MSILMamut.243 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X