IL:Trojan.MSILZilla.5677 (file analysis)

IL:Trojan.MSILZilla.5677 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can perform a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILZilla.5677 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify IL:Trojan.MSILZilla.5677?

File Info:

name: E3B6AF0E25547B4EABFD.mlw
path: /opt/CAPEv2/storage/binaries/64c36a62d684899a38e6e29cb1ac8208a32df2408172a2a205682370731c8341
crc32: 41A5A925
md5: e3b6af0e25547b4eabfdcdc08bf557dd
sha1: 20b7f85ab3ccb6eb3102d26d5ddda6973e56425a
sha256: 64c36a62d684899a38e6e29cb1ac8208a32df2408172a2a205682370731c8341
sha512: 5cdea80033e9966122dda3959382d1f81a88b6c6f5fc62f78d72778e1e1afeaa4cbf5d1ea744a39fdbf2427119f50faca364ed1ef355805f9a3dc9367a0b01cc
ssdeep: 6144:BzA1mzGq9h0452wk8nVXR839zKp/MnfY7UURAQXEz66EEjsxZOp:GzOS4vk8VGM/MngeCg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C94412A4E912BA9FF77F92B6D27D11026D0A2ECE5C07CC5728D806C57885C688378DDB
sha3_384: e3fbe18230f9d3ef6b93669f4fa958161bdefdd79b3e3fe5bb3f16d32ec5036cf878345683790a38c0e175c0105670dd
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-27 11:44:38

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: efsfesfesfeseffses.exe
LegalCopyright:
OriginalFilename: efsfesfesfeseffses.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

IL:Trojan.MSILZilla.5677 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: IL:Trojan.MSILZilla.5677
FireEye: Generic.mg.e3b6af0e25547b4e
McAfee: Artemis!E3B6AF0E2554
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: IL:Trojan.MSILZilla.5677
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/GenKryptik.CSSU
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL:kTbAR3aZrTEXwfueh3yhsg)
Emsisoft: IL:Trojan.MSILZilla.5677 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: IL:Trojan.MSILZilla.5677
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.C3465910
ALYac: IL:Trojan.MSILZilla.5677
MAX: malware (ai score=82)
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/GdSda.A
Ikarus: Trojan.Shelma
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/GenKryptik.CSSU!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.rm0@am63V1i
AVG: Win32:MalwareX-gen [Trj]
Cybereason: malicious.e25547
Avast: Win32:MalwareX-gen [Trj]

How to remove IL:Trojan.MSILZilla.5677?

IL:Trojan.MSILZilla.5677 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.