Trojan

IL:Trojan.MSILZilla.15343 (file analysis)

Malware Removal

The IL:Trojan.MSILZilla.15343 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What IL:Trojan.MSILZilla.15343 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection
  • CAPE detected the NetWire malware family

How to determine IL:Trojan.MSILZilla.15343?



File Info:

name: 402B334E0173DAEF95D5.mlw
path: /opt/CAPEv2/storage/binaries/4481825bcd0c41218a95bc2134e3303386afc5ec10258eb47de2957fc425304d
crc32: D1BA5413
md5: 402b334e0173daef95d563edfca9be1b
sha1: 860c89d1fc84132c186a0199e7559e6da6ec55db
sha256: 4481825bcd0c41218a95bc2134e3303386afc5ec10258eb47de2957fc425304d
sha512: 99feaeabcf839b7003ee6f29eae888fee4ec1f116572720f018864fdfa5c343df37de5deb74255738a4e963c69700be0dee07e10e535540a16a006e2aebe4d06
ssdeep: 6144:n8u8dknqA0LIXm3+3wco2xhAIPPIBEzZQley+EnwhVdjOdz48AU:8u8dyqA0MXm3+/PIBnlQCY4kLU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14A94F1E33B57499CD10C2B331066A3D0FA7B35BA3E4ADE0E3089570DAE1661B9B12775
sha3_384: 5a627938aba49d305ebf63c79b643678a19ba5af87bdf8f98f07ab67c6731bba75dc971715dbd546e2aaeccca7ebd1d3
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-04-21 08:23:01


Version Info:

Translation: 0x0000 0x04b0
Comments: Diagnostic Host System
CompanyName: 
FileDescription: Project1.Properties
FileVersion: 4.22.15.1
InternalName: Project1.exe
LegalCopyright: Copyright ©  2016
LegalTrademarks: 
OriginalFilename: Project1.exe
ProductName: Project1.Properties
ProductVersion: 4.22.15.1
Assembly Version: 254.12.11.10

IL:Trojan.MSILZilla.15343 also known as:

BkavW32.AIDetectNet.01
MicroWorld-eScanIL:Trojan.MSILZilla.15343
FireEyeGeneric.mg.402b334e0173daef
ALYacIL:Trojan.MSILZilla.15343
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 004e93531 )
AlibabaTrojan:Win32/Skeeyah.be0c2a95
K7GWTrojan ( 004e93531 )
Cybereasonmalicious.e0173d
VirITTrojan.Win32.MSIL10.FAQ
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/Injector.OZA
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan.MSIL.Inject.eckr
BitDefenderIL:Trojan.MSILZilla.15343
NANO-AntivirusTrojan.Win32.Drop.ebuaov
AvastWin32:Malware-gen
TencentMsil.Trojan.Inject.Oyop
Ad-AwareIL:Trojan.MSILZilla.15343
TACHYONTrojan/W32.DN-NetWiredRC.431616
EmsisoftIL:Trojan.MSILZilla.15343 (B)
ComodoMalware@#1bqzch7gsyp9v
DrWebTrojan.MulDrop6.37853
ZillyaTrojan.Injector.Win32.375463
TrendMicroTROJ_FRS.0NA103AA19
McAfee-GW-EditionBehavesLike.Win32.Fareit.gc
Trapminemalicious.high.ml.score
SophosMal/Generic-R + Mal/MSIL-OM
IkarusTrojan.MSIL.Agent
GDataIL:Trojan.MSILZilla.15343
JiangminTrojan.PSW.Fareit.cve
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1232143
KingsoftWin32.Hack.NetWiredRC.c.(kcloud)
ViRobotTrojan.Win32.Z.Netwiredrc.431616
ZoneAlarmTrojan.MSIL.Inject.eckr
MicrosoftTrojan:Win32/Ceevee
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Agent.C1391962
Acronissuspicious
McAfeeDownloader-FBEO!402B334E0173
MAXmalware (ai score=94)
MalwarebytesMachineLearning/Anomalous.97%
TrendMicro-HouseCallTROJ_FRS.0NA103AA19
RisingTrojan.Generic/MSIL@AI.100 (RDM.MSIL:yOdsLhVjFa58iWadpGPtpA)
YandexBackdoor.NetWiredRC!5G/a+G6FdT8
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Injector.OYS!tr
BitDefenderThetaGen:NN.ZemsilF.34742.Am0@a822Obj
AVGWin32:Malware-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove IL:Trojan.MSILZilla.15343?

IL:Trojan.MSILZilla.15343 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment