IL:Trojan.MSILZilla.7456 removal tips

IL:Trojan.MSILZilla.7456 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the IL:Trojan.MSILZilla.7456 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Accessed credential storage registry keys
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system

How to identify IL:Trojan.MSILZilla.7456?

File Info:

name: 16D9B1E3F35DAF5344F6.mlw
path: /opt/CAPEv2/storage/binaries/96f9335f96c8f5c1828b8a2b24cf998e1826f7419f7b58ccd56c6e0eec846e69
crc32: DEEA0729
md5: 16d9b1e3f35daf5344f63b1ad9d4d8fd
sha1: d3a2b135bc6c30ded133e236d320b0cb28349ff7
sha256: 96f9335f96c8f5c1828b8a2b24cf998e1826f7419f7b58ccd56c6e0eec846e69
sha512: dd07102d616db25b0e45be47e1ba283b780a51b18839f33b8bb4db9e92e54cfcfed0908014937312a0864958ae612b2df460d2a1203c0e69fa79bbb4a7d3c245
ssdeep: 24576:DuEney0lGgXrDD5lekBpB1rBSSlcqokNBY3oxXJNG:D+lGgXrDD5lekBpnNlc8fY3+XJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A9753A2273558704C83A07F01876D2C053766EABBB68C61D384E329D9DF27979B12BE7
sha3_384: 9b39a10019bd544319a54489e551ff1011c9872cf024ad0bad3aadfd19b25fd3e037c6ac312a56691d5e08337a958474
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-09-12 13:47:03

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Envitech LTD.
FileDescription: Communication Center
FileVersion: 1.8.1.293
InternalName: ComserveHost.exe
LegalCopyright: Copyright © Envitech LTD
LegalTrademarks:
OriginalFilename: ComserveHost.exe
ProductName: Communication Center
ProductVersion: 1.8.1.293
Assembly Version: 1.8.1.293

IL:Trojan.MSILZilla.7456 also known as:

MicroWorld-eScan: IL:Trojan.MSILZilla.7456
McAfee: Artemis!16D9B1E3F35D
TrendMicro-HouseCall: TROJ_GEN.R002H09KQ21
BitDefender: IL:Trojan.MSILZilla.7456
Ad-Aware: IL:Trojan.MSILZilla.7456
McAfee-GW-Edition: Artemis
FireEye: IL:Trojan.MSILZilla.7456
Emsisoft: IL:Trojan.MSILZilla.7456 (B)
GData: IL:Trojan.MSILZilla.7456
ViRobot: Trojan.Win32.Z.Dropper.1591296
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
ALYac: IL:Trojan.MSILZilla.7456
MAX: malware (ai score=88)
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: PossibleThreat

How to remove IL:Trojan.MSILZilla.7456?

IL:Trojan.MSILZilla.7456 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
