IL:Trojan.MSILZilla.5902 removal

IL:Trojan.MSILZilla.5902 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILZilla.5902 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the BlackNET malware family
  • BlackNET RAT mutex detected

How to identify IL:Trojan.MSILZilla.5902?

File Info:

name: 7D93791C21CC42F048A7.mlw
path: /opt/CAPEv2/storage/binaries/c739306cd5b53767ccc1560ca05d3c75d234e38f76b7be816e6b25cd08acdfd9
crc32: A116D63A
md5: 7d93791c21cc42f048a711b1da742e37
sha1: 19ba921f6d76e1b0206d91999ea819826e0ad496
sha256: c739306cd5b53767ccc1560ca05d3c75d234e38f76b7be816e6b25cd08acdfd9
sha512: 9cf7a943e803dcf28b6e0b2876e231f7d76943a6bf3da6135c3da956f42a4cfb872c5ba4ac2f2e1303bab672c252011cc8cd88833c77063cc74fc57dcdf4d986
ssdeep: 3072:rFKDWXMr7cnbvCFAn1jN3v8O4WpkqUrdE5/f38:WWXMr4nbKCpSgX3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19234700172BC879BD1AA5BB49D63A2542F71AF2A78D0D64DB9F4234D33F17488508EE3
sha3_384: 73e646a6d7a5931abb53ef423c3bb05e3a7000a38846813c9c156deff2627fd9edd4f811a323189fb075f7528b2ea6d5
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-06 16:14:08

Version Info:

Translation: 0x0000 0x04b0
Comments: Host Process for Windows Services
CompanyName: Microsoft Corporation
FileDescription: Windows Update Assistant
FileVersion: 10.0.18362.1
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: svchost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.18362.1
Assembly Version: 10.0.18362.1

IL:Trojan.MSILZilla.5902 is also known as:

Elastic: malicious (high confidence)
DrWeb: BackDoor.DarkCrystalNET.7
MicroWorld-eScan: IL:Trojan.MSILZilla.5902
FireEye: Generic.mg.7d93791c21cc42f0
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
McAfee: BackDoor-FEBU!7D93791C21CC
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0056a86a1 )
Alibaba: Backdoor:MSIL/Blacknet.842d6181
K7GW: Trojan ( 0056a86a1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34084.pm0@a8v8g@m
Cyren: W32/MSIL_Bladabindi.FN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.VC
TrendMicro-HouseCall: Backdoor.MSIL.BLACKNET.SMDA
Paloalto: generic.ml
ClamAV: Win.Trojan.Razy-9778111-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: IL:Trojan.MSILZilla.5902
Avast: Win32:BotX-gen [Trj]
Tencent: Win32.Trojan.Generic.Akzb
Ad-Aware: IL:Trojan.MSILZilla.5902
Emsisoft: IL:Trojan.MSILZilla.5902 (B)
TrendMicro: Backdoor.MSIL.BLACKNET.SMDA
McAfee-GW-Edition: BackDoor-FEBU!7D93791C21CC
Sophos: ML/PE-A + ATK/Blacknet-A
Ikarus: Worm.MSIL.Agent
eGambit: Unsafe.AI_Score_99%
Avira: TR/Dropper.Gen
MAX: malware (ai score=80)
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: Backdoor:MSIL/Blacknet.GG!MTB
GData: IL:Trojan.MSILZilla.5902
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4736537
VBA32: CIL.StupidStealth.Heur
ALYac: IL:Trojan.MSILZilla.5902
Malwarebytes: Spyware.BitCoinStealer.MSIL
APEX: Malicious
Rising: Trojan.AntiVM!1.CF63 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.VC!tr
AVG: Win32:BotX-gen [Trj]
Cybereason: malicious.c21cc4
Panda: Trj/GdSda.A

How to remove IL:Trojan.MSILZilla.5902?

IL:Trojan.MSILZilla.5902 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
