IL:Trojan.MSILZilla.6271 removal guide

IL:Trojan.MSILZilla.6271 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILZilla.6271 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • Sniffs keystrokes
  • Attempts to modify desktop wallpaper
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify IL:Trojan.MSILZilla.6271?

File Info:

name: 0BC4F2495A0349A441BE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-01-17 18:24:41

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 44.0.3.1
InternalName: AVSDocumentConvert.exe
LegalCopyright: 44.0.3.1
OriginalFilename: AVSDocumentConvert.exe
ProductVersion: 44.0.3.1
Assembly Version: 44.0.3.1

IL:Trojan.MSILZilla.6271 also known as:

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: IL:Trojan.MSILZilla.6271
ALYac: IL:Trojan.MSILZilla.6271
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Trojan:MSIL/Injector.07237aa1
K7GW: Trojan ( 700000121 )
Cybereason: malicious.95a034
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.HGP
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Agent.adhlk
BitDefender: IL:Trojan.MSILZilla.6271
NANO-Antivirus: Trojan.Win32.NanoBot.ecylkl
Avast: MSIL:GenMalicious-COE [Trj]
Tencent: Msil.Trojan.Agent.Isq
Ad-Aware: IL:Trojan.MSILZilla.6271
Sophos: Mal/Generic-S
Comodo: Malware@#2mlkhvxyx7509
F-Secure: Heuristic.HEUR/AGEN.1234976
DrWeb: Trojan.Bladabindi.27
Zillya: Backdoor.Generic.Win32.28460
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.0bc4f2495a0349a4
Emsisoft: IL:Trojan.MSILZilla.6271 (B)
Ikarus: Trojan.MSIL.Agent
GData: IL:Trojan.MSILZilla.6271
Jiangmin: Trojan.MSIL.gyoy
Avira: HEUR/AGEN.1234976
Antiy-AVL: Trojan/Generic.ASMalwS.21C7CC0
Arcabit: IL:Trojan.MSILZilla.D187F
Microsoft: Trojan:MSIL/Injector.RB!MSR
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.C3513120
Acronis: suspicious
McAfee: Artemis!0BC4F2495A03
MAX: malware (ai score=99)
VBA32: Trojan.MSIL.Agent
Yandex: Trojan.Agent!Cp3wjs/0AcU
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Injector.HZJ!tr
BitDefenderTheta: Gen:NN.ZemsilF.34606.@p0@aKIK3rp
AVG: MSIL:GenMalicious-COE [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove IL:Trojan.MSILZilla.6271?

IL:Trojan.MSILZilla.6271 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
