Categories: Trojan

IL:Trojan.MSILZilla.17087 malicious file

The IL:Trojan.MSILZilla.17087 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What IL:Trojan.MSILZilla.17087 virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
CAPE detected the shellcode get eip malware family
Creates a copy of itself
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine IL:Trojan.MSILZilla.17087?


File Info:
name: A7C14A936E9C91BE9C6F.mlwpath: /opt/CAPEv2/storage/binaries/dc76274487f45a49d272cb7493856e62629ad7e95ac961292c89b4defc9367fccrc32: B36BF906md5: a7c14a936e9c91be9c6f0c8e154c166csha1: 6d5a409d4db1f8e9bafb75c3f474dc939cbee502sha256: dc76274487f45a49d272cb7493856e62629ad7e95ac961292c89b4defc9367fcsha512: 1b4d2f4ba01fc49339c5c963545e33d415d60223a8e0e01c6254acb485f24c2821c934f47a498d1e7e966d109fbbf7a6128dc07176a163ea837a5d5acd6a48a2ssdeep: 49152:77Rrv9nzOUt+JtMOD/KBJuhJcAiMT64XTTcMqiXguiaSCEjyNXTw4+pv19I7tR+I:7trv9zOUtqyOD/+u0AiP4XTTcMqiXXi6type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12085F10358508442FDE94230A2FBBB74D3FE3B52775A942EAC562E0920F7BE1B47564Bsha3_384: 744556472fe9723ccebec6fd72e324d2d2262fdca3a3efc0f6a7b15866295e8530e844c5d07a54668b3df1fd701dc1c9ep_bytes: ff250020400000000000000000000000timestamp: 2024-01-25 16:34:39
Version Info:
Translation: 0x0000 0x04b0Comments: IE Per-User Initialization utilityCompanyName: Microsoft CorporationFileDescription: IE Per-User Initialization utilityFileVersion: 8.0.7601.17514InternalName: loveness.exeLegalCopyright: Microsoft Corporation. All rights reserved.LegalTrademarks: Microsoft Corporatio.OriginalFilename: loveness.exeProductName: Windows Internet ExplorerProductVersion: 8.0.7601.17514Assembly Version: 8.0.7601.17514

IL:Trojan.MSILZilla.17087 also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Meredrop.4!c
DrWeb	BackDoor.Comet.152
MicroWorld-eScan	IL:Trojan.MSILZilla.17087
ClamAV	Win.Dropper.HawkEye-9886454-0
FireEye	Generic.mg.a7c14a936e9c91be
Skyhigh	GenericRXJC-WE!A7C14A936E9C
McAfee	GenericRXJC-WE!A7C14A936E9C
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056f3081 )
K7GW	Trojan ( 0056f3081 )
CrowdStrike	win/malicious_confidence_100% (D)
Arcabit	IL:Trojan.MSILZilla.D42BF
BitDefenderTheta	Gen:NN.ZemsilF.36680.Un0@amuDrSf
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Injector.BYE
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.17087
NANO-Antivirus	Trojan.Win32.DarkKomet.dcmlbu
Avast	MSIL:Dropper-AAF [Drp]
Tencent	Win32.Trojan.Generic.Hmnw
Emsisoft	IL:Trojan.MSILZilla.17087 (B)
F-Secure	Trojan.TR/Meredrop.EB.1
VIPRE	IL:Trojan.MSILZilla.17087
Sophos	Troj/FakeMS-X
SentinelOne	Static AI – Malicious PE
Webroot	W32.Suspicious.Heur
Google	Detected
Avira	TR/Meredrop.EB.1
MAX	malware (ai score=89)
Kingsoft	malware.kb.c.1000
Xcitium	TrojWare.MSIL.Meredrop.EI@5673c5
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	IL:Trojan.MSILZilla.17087
Varist	W32/MSIL_Agent.GHG.gen!Eldorado
AhnLab-V3	Backdoor/Win32.DarkKomet.C221238
ALYac	IL:Trojan.MSILZilla.17087
Cylance	unsafe
Ikarus	Trojan.MereDropper
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.BEO!tr
AVG	MSIL:Dropper-AAF [Drp]
Cybereason	malicious.d4db1f
DeepInstinct	MALICIOUS