IL:Trojan.MSILZilla.12157 (file analysis)

The IL:Trojan.MSILZilla.12157 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILZilla.12157 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine IL:Trojan.MSILZilla.12157?


File Info:
name: 42AA84A299264BCC8601.mlw
path: /opt/CAPEv2/storage/binaries/200831da0a65bef54037b30efefb7fa4362209567cb71a86346834b50cf60ef4
crc32: BDB7903B
md5: 42aa84a299264bcc8601d733234bc43d
sha1: ffe8364d2cc6365e8f87db4278536a410a527468
sha256: 200831da0a65bef54037b30efefb7fa4362209567cb71a86346834b50cf60ef4
sha512: 0cee3a8e66609bd4f93a660b6dee01ec00a252512c5c11a754ce0b307e69d8759d4aba9ed5e3c9fdbe8d921840f53eb75ad3cc9a757b222d79d985e4f1d30470
ssdeep: 48:6cfkByTF3nONje1eFJ3E3LczguOCx915qBHHuulcxvqXSfbNtm:QQ3v3LMgwx9Pk5axhzNt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12CC12F0167AA85F3D2618B72C66A4300A37BA731059ACFCE2E84C3697CFD1538F526E0
sha3_384: cb9c20c408219ecdf34a89cceffb94df69284118833312066f792fa147a023638e74383fccd4df084496fb7427e2843d
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-11-03 17:39:53

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Crypted.exe
LegalCopyright:  
OriginalFilename: Crypted.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

IL:Trojan.MSILZilla.12157 also known as:

Bkav	W32.Common.623BDE5D
Lionic	Trojan.Win32.Tiny.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.12157
Skyhigh	Artemis!Trojan
McAfee	Artemis!42AA84A29926
Cylance	unsafe
Zillya	Downloader.Tiny.Win32.17539
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004dcb4e1 )
Alibaba	TrojanDownloader:MSIL/Citrate.124f629f
K7GW	Trojan ( 004dcb4e1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	MSIL.Downloader!gen7
ESET-NOD32	a variant of MSIL/TrojanDownloader.Tiny.APB
Cynet	Malicious (score: 99)
APEX	Malicious
ClamAV	Win.Packed.Razy-9794845-0
Kaspersky	HEUR:Backdoor.MSIL.Citrate.gen
BitDefender	IL:Trojan.MSILZilla.12157
SUPERAntiSpyware	Trojan.Agent/Gen-Virtool
Avast	Win32:RATX-gen [Trj]
Emsisoft	IL:Trojan.MSILZilla.12157 (B)
F-Secure	Heuristic.HEUR/AGEN.1365506
VIPRE	IL:Trojan.MSILZilla.12157
TrendMicro	TROJ_GEN.R002C0DK323
Sophos	Mal/DotNet-C
Ikarus	Trojan-Downloader.MSIL.Tiny
GData	IL:Trojan.MSILZilla.12157
Jiangmin	Backdoor.MSIL.ghgt
Varist	W32/MSIL_Troj.ADF.gen!Eldorado
Avira	HEUR/AGEN.1365506
Antiy-AVL	Trojan[Downloader]/MSIL.Tiny
Kingsoft	malware.kb.c.1000
Arcabit	IL:Trojan.MSILZilla.D2F7D
ZoneAlarm	HEUR:Backdoor.MSIL.Citrate.gen
Microsoft	TrojanDownloader:MSIL/Tiny.AP!MTB
Google	Detected
AhnLab-V3	Trojan/Win32.Tiggre.C2524515
BitDefenderTheta	Gen:NN.ZemsilF.36680.am0@aqnYJKi
MAX	malware (ai score=80)
Malwarebytes	Trojan.MalPack.PGen
TrendMicro-HouseCall	TROJ_GEN.R002C0DK323
Rising	Backdoor.Citrate!8.10E07 (TFE:C:zCldIufCGWV)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Tiny.APB!tr.dldr
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.d2cc63
DeepInstinct	MALICIOUS

How to remove IL:Trojan.MSILZilla.12157?

IL:Trojan.MSILZilla.12157 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X