About “Mal/MSIL-PU” infection

The Mal/MSIL-PU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/MSIL-PU virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Mal/MSIL-PU?


File Info:
name: 55B8B77A7929FA4ECA60.mlw
path: /opt/CAPEv2/storage/binaries/88747ddd6a2decb8afe04fbd4b5bfabf7c51a770ea76a297dc4def394f3e6398
crc32: 36687E91
md5: 55b8b77a7929fa4eca604f973e25a3cd
sha1: 040d0ce13f12c0d21b6504547f507046711bc2b8
sha256: 88747ddd6a2decb8afe04fbd4b5bfabf7c51a770ea76a297dc4def394f3e6398
sha512: 455af36a0b9b74f2ee24c28d31b8ca80de20aa24b63c49feaf060b5086f676df8a5c48ac95b716da286724056cff54a73caa89d7849c340dbfb88d677b8a805f
ssdeep: 768:KeC/T2woH6b9K2EQo/uSdtDA2SSys5Dfz:Sto8K5vW2NGIDfz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5F2AF0FBB96C445CF1903B7D9B7A3048955CE846569E37F29883F662D3214DC2CBEA4
sha3_384: 47c291088f56138f09321c49c36b5ea5b240581a2ecf8b174d6d880cc3833a028b645eba62842c7fbeb8473df54af857
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-06-07 18:28:58

Version Info:
Translation: 0x0000 0x04b0
Comments: RPX 1.3.4400.61
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Server.exe
LegalCopyright:  
OriginalFilename: Server.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Mal/MSIL-PU also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Heur.Mint.Packer.8
McAfee	BackDoor-FAXR!55B8B77A7929
Malwarebytes	Trojan.Agent.RP
VIPRE	Gen:Heur.Mint.Packer.8
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.a7929f
Cyren	W32/MSIL_Troj.FT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.IW
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Heur.Mint.Packer.8
SUPERAntiSpyware	Ransom.Agent/Variant
Avast	MSIL:Bladabindi-AJ [Trj]
Emsisoft	Gen:Heur.Mint.Packer.8 (B)
F-Secure	Heuristic.HEUR/AGEN.1309691
McAfee-GW-Edition	BackDoor-FAXR!55B8B77A7929
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.55b8b77a7929fa4e
Sophos	Mal/MSIL-PU
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.Mint.Packer.8
Google	Detected
Avira	HEUR/AGEN.1309691
MAX	malware (ai score=85)
Xcitium	TrojWare.MSIL.Zapchast.IW@7k7mpi
Arcabit	Trojan.Mint.Packer.8
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Generic.R127372
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.36250.cm0@a09RKPp
ALYac	Gen:Heur.Mint.Packer.8
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:nsT4fl2DcNsXFZLJj9Zz6g)
Ikarus	Win32.Outbreak
Fortinet	MSIL/Kryptik.B033!tr
AVG	MSIL:Bladabindi-AJ [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Mal/MSIL-PU?

Mal/MSIL-PU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X