IL:Trojan.MSILZilla.27404 removal guide

IL:Trojan.MSILZilla.27404 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILZilla.27404 virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify IL:Trojan.MSILZilla.27404?


File Info:

name: C967A686ADA9BEECBB90.mlw
path: /opt/CAPEv2/storage/binaries/7298ea90dde04871a485a964374676710f255bd2935243e94d1f133ea67f4eac
crc32: 4DEB1BBC
md5: c967a686ada9beecbb901f5f4eed7eac
sha1: 80ba03b2cad860e4003f8a806c1543b81b5c7f46
sha256: 7298ea90dde04871a485a964374676710f255bd2935243e94d1f133ea67f4eac
sha512: f13d739b7a922fe7cb9892d2643c95bea6470f743f836e289757c972a9f77e12e62f5938671e068f9a7c53fd8df101500f7445439a400ccdbd167a99a10095b5
ssdeep: 49152:NxkahzUXM62IkJVT3ZNZfpKuiWWuU3eq0egUWQeziL2BYHo93:NxZ62Ik/1BKv93aNo0j3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10CC533198A6EC911FB771277C4211A0387737A966D91F1EBFA8F10EC8F57FA80246427
sha3_384: 7f08b0fd18f1c98a260b9d15ef9ac3e6eb0f15a70fcd406454498765ad6a92a3816db3f26d1732b6389dfd1a5c2a01f0
ep_bytes: ff250020400000000000000000000000
timestamp: 2104-09-22 03:35:01

Version Info:

Translation: 0x0000 0x04b0
Comments: KeyAuth Loader Winform Example
CompanyName: Nelson Cybersecurity LLC
FileDescription: Loader
FileVersion: 1.0.0.0
InternalName: Loader.exe
LegalCopyright: Copyright © KeyAuth.cc
LegalTrademarks:
OriginalFilename: Loader.exe
ProductName: Loader
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILZilla.27404 also known as:

| Vendor | Detection |
|---|---|
| ALYac | IL:Trojan.MSILZilla.27404 |
| Sangfor | Trojan.Win32.Save.a |
| CrowdStrike | win/malicious_confidence_70% (D) |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/RiskWare.HackTool.Agent_AGen.S |
| APEX | Malicious |
| BitDefender | IL:Trojan.MSILZilla.27404 |
| MicroWorld-eScan | IL:Trojan.MSILZilla.27404 |
| Emsisoft | IL:Trojan.MSILZilla.27404 (B) |
| VIPRE | IL:Trojan.MSILZilla.27404 |
| McAfee-GW-Edition | GenericRXUX-YK!C967A686ADA9 |
| FireEye | IL:Trojan.MSILZilla.27404 |
| Ikarus | Trojan.Win64.Agent |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| Arcabit | IL:Trojan.MSILZilla.D6B0C |
| GData | IL:Trojan.MSILZilla.27404 |
| AhnLab-V3 | Trojan/Win.WI.C5417749 |
| McAfee | GenericRXUX-YK!C967A686ADA9 |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.MalPack.Confuser |
| Rising | Hacktool.Agent!8.335 (TFE:dGZlOgzW+AIB4vITJg) |
| SentinelOne | Static AI – Suspicious PE |
| Fortinet | Riskware/HackTool |
| BitDefenderTheta | Gen:NN.ZemsilF.36196.Io0@aeEQsld |
| DeepInstinct | MALICIOUS |

How to remove IL:Trojan.MSILZilla.27404?

IL:Trojan.MSILZilla.27404 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
