What is “IL:Trojan.MSILZilla.12980”?

IL:Trojan.MSILZilla.12980 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the IL:Trojan.MSILZilla.12980 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify IL:Trojan.MSILZilla.12980?

File Info:

name: 53977AB3A03A84019261.mlw
path: /opt/CAPEv2/storage/binaries/db891e52b22acc70a5c9f3d63f150d06cf6efa94c56de218469eb4a81aeebdc9
crc32: 7CDC0D02
md5: 53977ab3a03a840192619d89ee8a2b88
sha1: e391bf8e87dba89302eb6f6f3fe6a9922318c3a7
sha256: db891e52b22acc70a5c9f3d63f150d06cf6efa94c56de218469eb4a81aeebdc9
sha512: 6d022c28c5ea3dc8798e59efe0e85fd1df19c3d72cc60fb79cea67ae232c335e38879b4519d4feb6badabdd5cb824f3187830293c2a3d206185c9f7c283e702f
ssdeep: 6144:lo+2IsYVZDk8xpZxYAS6CJH9LmcHYYXMMQ/sOkvDufykxPDAsJc:lZFFZDk8xhqXJHx7HYzvbKkZDAsJc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6B48B412A5CFDE9FA2046700BB2B6656622FCB58CD4561E65823E9EFB7E1C3BD01313
sha3_384: f49bb949e51023715a4ae061334684368be804ad3aedca6b239316c884052eac3a58d3337efe07f1e0ecd2ceed199ff0
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-06 21:54:30

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Application Verifier Automation DLL
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName:
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: vrfauto.dll
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.3.9600.16384
Translation: 0x0409 0x04b0

IL:Trojan.MSILZilla.12980 also known as:

Bkav: W32.AIDetectNet.01
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.MsilFC.S6058611
McAfee: Trojan-FJLP!53977AB3A03A
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0056f0d81 )
K7GW: Trojan ( 0056f0d81 )
Cybereason: malicious.3a03a8
Cyren: W32/MSIL_Troj.JD.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik.GRR
APEX: Malicious
ClamAV: Win.Packed.Zusy-7135725-0
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: IL:Trojan.MSILZilla.12980
MicroWorld-eScan: IL:Trojan.MSILZilla.12980
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: IL:Trojan.MSILZilla.12980
Emsisoft: IL:Trojan.MSILZilla.12980 (B)
F-Secure: Heuristic.HEUR/AGEN.1235345
DrWeb: BackDoor.Bladabindi.13678
VIPRE: IL:Trojan.MSILZilla.12980
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.53977ab3a03a8401
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: IL:Trojan.MSILZilla.12980
Jiangmin: Trojan.Blocker.ejw
Avira: HEUR/AGEN.1235345
Arcabit: IL:Trojan.MSILZilla.D32B4
SUPERAntiSpyware: Backdoor.NanoBot/Variant
ZoneAlarm: HEUR:Trojan.MSIL.Generic
Microsoft: Trojan:MSIL/AgentTesla.DK!MTB
AhnLab-V3: Trojan/Win32.NanoBot.C1520978
Acronis: suspicious
ALYac: IL:Trojan.MSILZilla.12980
MAX: malware (ai score=86)
Malwarebytes: Trojan.FakeMS
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:Os+eEQbaTV0eiW55crZqXQ)
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.GRR!tr
BitDefenderTheta: Gen:NN.ZemsilF.34582.Em0@aiL6kzoi
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove IL:Trojan.MSILZilla.12980?

IL:Trojan.MSILZilla.12980 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
