Trojan

IL:Trojan.MSILZilla.4787 removal

Malware Removal

The IL:Trojan.MSILZilla.4787 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What IL:Trojan.MSILZilla.4787 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

Related domains:

wpad.local-net

How to determine IL:Trojan.MSILZilla.4787?



File Info:

name: C7E1807B2BB279DC2645.mlw
path: /opt/CAPEv2/storage/binaries/e3d32428fd7d3b625a6b2fdcac94687316640c0363f1de16c5d26a0e503d0b78
crc32: 3BEAB697
md5: c7e1807b2bb279dc2645fc10d0c34553
sha1: ab41d0b85aa424ac06381fcb8aa98fd4aa7c2c9e
sha256: e3d32428fd7d3b625a6b2fdcac94687316640c0363f1de16c5d26a0e503d0b78
sha512: 35185ea17288323b1493b17dd2d68be27e801bdc9301a37a49929f21e9d6141b07480615a241af3b8820dac82790b6a56513869c8e22d6e2502f7d4050916f80
ssdeep: 768:oJiEyNYz6O/nRLLRHtwvYmYl6nMvXL/0KnwYV2hOHKYzJ0DrTw:oJV+OjHtwQD3fHyM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A7032BAD73E49614E5BE1E720AB1E2015379EC177A21E64D19C1B0AA1E77350EE00FB3
sha3_384: b11a2b7300d5103bb13f3b5a8c3ba290e75333868273c2d114e2280d4c9a829490bce60b0aa87b1da9e70d3ecbaa2c3b
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-12-27 23:52:46


Version Info:

Translation: 0x0000 0x04b0
Comments: Microsoft Corporation
CompanyName: Microsoft Corporation
FileDescription: Microsoft Corporation
FileVersion: 0.0.0.0
InternalName: E.exe
LegalCopyright: Microsoft Corporation
LegalTrademarks: Microsoft Corporation
OriginalFilename: E.exe
ProductName: Microsoft Corporation
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

IL:Trojan.MSILZilla.4787 also known as:

LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
DrWebBackDoor.BladabindiNET.20
MicroWorld-eScanIL:Trojan.MSILZilla.4787
FireEyeGeneric.mg.c7e1807b2bb279dc
CAT-QuickHealTrojan.YakbeexMSIL.ZZ4
ALYacIL:Trojan.MSILZilla.4787
MalwarebytesTrojan.Injector
K7AntiVirusTrojan ( 700000121 )
AlibabaTrojan:Win32/Malex.8a8866b0
K7GWTrojan ( 700000121 )
Cybereasonmalicious.b2bb27
ArcabitIL:Trojan.MSILZilla.D12B3
BitDefenderThetaAI:Packer.8D14D1DB1F
CyrenW32/MSIL_Bladabindi.DI.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Agent.LB
TrendMicro-HouseCallBKDR_BLADABI.SMQ
Paloaltogeneric.ml
ClamAVWin.Trojan.Generic-6417450-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderIL:Trojan.MSILZilla.4787
NANO-AntivirusTrojan.Win32.Mlw.ijaxtk
TencentWin32.Trojan.Generic.Tbif
Ad-AwareIL:Trojan.MSILZilla.4787
SophosMal/Generic-R + Mal/Bladabi-S
ComodoMalware@#381b2off1iciv
BaiduMSIL.Backdoor.Bladabindi.a
VIPRETrojan.Win32.Generic!BT
TrendMicroBKDR_BLADABI.SMQ
McAfee-GW-EditionGenericRXAI-NM!C7E1807B2BB2
EmsisoftMalware.Generic.CN1 (A)
IkarusWorm.MSIL.Bladabindi
JiangminTrojan.Generic.gslxe
AviraTR/ATRAPS.Gen
Antiy-AVLTrojan/Win32.Malex
MicrosoftTrojan:Win32/Malex.gen!E
GDataIL:Trojan.MSILZilla.4787
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win32.Malex.C1935769
McAfeeGenericRXAI-NM!C7E1807B2BB2
MAXmalware (ai score=82)
VBA32Trojan.MSIL.gen.15
PandaTrj/GdSda.A
APEXMalicious
RisingBackdoor.Blackworm!1.C8E6 (CLASSIC)
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_99%
FortinetMSIL/Generic.AP.2AC56!tr
AVGMSIL:Agent-CIB [Trj]
AvastMSIL:Agent-CIB [Trj]
CrowdStrikewin/malicious_confidence_100% (D)

How to remove IL:Trojan.MSILZilla.4787?

IL:Trojan.MSILZilla.4787 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment