Marsilia.10425 (file analysis)

Marsilia.10425 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

What can the Marsilia.10425 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the CyberGate malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Touches a file containing cookies, possibly for information gathering
  • Creates known SpyNet mutexes and/or registry changes.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Marsilia.10425?

File Info:

name: 5CB925AA264A63C70585.mlw
path: /opt/CAPEv2/storage/binaries/81f6733c3616aa1b4d2d09ae42fc8b31807302705987b47f92090702a737ab9d
crc32: 73F16A58
md5: 5cb925aa264a63c70585ab92de8e692c
sha1: 4ab8d47f3d99f05c65ac2fb5c73b8c7a3b60686b
sha256: 81f6733c3616aa1b4d2d09ae42fc8b31807302705987b47f92090702a737ab9d
sha512: 7b2a37318d76f3769335c252d986b6634461ebaa1410cafdee792e67a8a418e9df4ac6331e368ad7f7a23255e54929a2ffd28c2bcc4bd97d48d0609d01447e3d
ssdeep: 49152:RHGKRZ5zHXPGJY2WMehvPgpf62xpUFV3Q:Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4B50239C217BD1DCAAC28B444183DC51EB42DD7C274A759ED8CB5B272CE621EE6C4B8
sha3_384: 00889c62532812f56ca486bac35bdff8b7de7017b54078c9e88886979e52c871444caa66897dee887c6ac5e68c62347d
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-10-28 12:20:31

Version Info:

Translation: 0x0000 0x04b0
FileDescription: WindowsApplication3
FileVersion: 1.0.0.0
InternalName: WindowsApplication3.exe
LegalCopyright: Copyright © 2014
OriginalFilename: WindowsApplication3.exe
ProductName: WindowsApplication3
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Marsilia.10425 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Llac.4!c
tehtris: Generic.Malware
DrWeb: BackDoor.Tordev.9
MicroWorld-eScan: Gen:Variant.Marsilia.10425
FireEye: Generic.mg.5cb925aa264a63c7
ALYac: Gen:Variant.Marsilia.10425
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Generic.7b0730ea
K7GW: Trojan ( 004e9e701 )
K7AntiVirus: Trojan ( 004e9e701 )
BitDefenderTheta: Gen:NN.ZemsilF.36318.xo3@aaC6Sbo
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: MSIL/TrojanDropper.Agent.BFK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Llac.lcep
BitDefender: Gen:Variant.Marsilia.10425
NANO-Antivirus: Trojan.Win32.Tordev.dztmrc
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Llac.Fajl
Emsisoft: Gen:Variant.Marsilia.10425 (B)
F-Secure: Trojan.TR/Dropper.Gen
VIPRE: Gen:Variant.Marsilia.10425
TrendMicro: TROJ_GEN.R011C0WGT23
McAfee-GW-Edition: BehavesLike.Win32.Generic.vm
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Marsilia.10425
Jiangmin: TrojanDropper.FrauDrop.tfh
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.TSGeneric
Arcabit: Trojan.Marsilia.D28B9
ViRobot: Trojan.Win.Z.Marsilia.2476173
ZoneAlarm: Trojan.Win32.Llac.lcep
Microsoft: Worm:Win32/Rebhip
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5461566
Acronis: suspicious
McAfee: Artemis!5CB925AA264A
MAX: malware (ai score=82)
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R011C0WGT23
Rising: Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:5VUcNwpG10/i1dTtUg2wdQ)
Ikarus: Trojan-Dropper.SuspectCRC
Fortinet: W32/Llac.JNRT!tr
AVG: Win32:Malware-gen
Cybereason: malicious.a264a6
DeepInstinct: MALICIOUS

How to remove Marsilia.10425?

Marsilia.10425 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.