Malware

ML/PE-A + MSIL/Grenam-A malicious file

Malware Removal

The ML/PE-A + MSIL/Grenam-A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What ML/PE-A + MSIL/Grenam-A virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine ML/PE-A + MSIL/Grenam-A?


File Info:

name: 9FCF99C7E4503DF52729.mlw
path: /opt/CAPEv2/storage/binaries/665c12d1348880f97ca899a911a376054f30c65c9a486a28ad47d1ab5a42bc63
crc32: 3A5E1588
md5: 9fcf99c7e4503df52729205996e82844
sha1: 418b6948d342dad9a4c4c55da1bd4122979ce3c1
sha256: 665c12d1348880f97ca899a911a376054f30c65c9a486a28ad47d1ab5a42bc63
sha512: fc42f3be0b52b8a7a4d22af73c864f146163bb9f6c9f1edeb7a9e5f1bd4cd2576272113ac175b674106f09ac8c3aadeb5b6321bfd12ce21ee4348b94fc5f0a08
ssdeep: 3072:WQc01zAf6QGkBIO20ZMvxk9Hc3/nl6LAHkzI1UEgEA6II1G:WQcygYkBIOFixk96dA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13054E4167B848536D5AD0E785662A69D1370B829D4038F8B39D43EDEFFF2BC04E4127A
sha3_384: f8d71e63ae36ea1371a71a093b0e2fdb5c99f28de797d297b37e9ad24f6fa57b3522e3d87dfea427bb747de64cc8d21f
ep_bytes: ff250020400000000000000000000000
timestamp: 2012-06-02 12:12:48

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Security Client Policy Configuration Tool
FileVersion: 4.18.18362.1 (WinBuild.160101.0800)
InternalName: ConfigSecurityPolicy.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ConfigSecurityPolicy.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 4.18.18362.1
Translation: 0x0409 0x04b0

ML/PE-A + MSIL/Grenam-A also known as:

BkavW32.AIDetectNet.01
Elasticmalicious (high confidence)
DrWebTrojan.MulDrop20.13470
MicroWorld-eScanTrojan.GenericKDZ.89286
FireEyeGeneric.mg.9fcf99c7e4503df5
McAfeeGenericRXTG-FA!9FCF99C7E450
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
K7GWTrojan ( 700000121 )
CrowdStrikewin/malicious_confidence_70% (D)
ArcabitIL:Trojan.MSILMamut.D112D
BitDefenderThetaGen:NN.ZemsilF.34742.rm0@aesk7Pei
CyrenW32/MSIL_Agent.DJX.gen!Eldorado
tehtrisGeneric.Malware
ESET-NOD32a variant of MSIL/Agent.EF
ClamAVWin.Virus.Renamer-9953540-0
KasperskyHEUR:Trojan-Ransom.Win32.Generic
BitDefenderTrojan.GenericKDZ.89286
AvastWin32:MalwareX-gen [Trj]
Ad-AwareTrojan.GenericKDZ.89286
EmsisoftTrojan.GenericKDZ.89286 (B)
McAfee-GW-EditionGenericRXTG-FA!9FCF99C7E450
Trapminesuspicious.low.ml.score
SophosML/PE-A + MSIL/Grenam-A
IkarusWorm.MSIL.Bladabindi
JiangminTrojan.Generic.hizqg
AviraHEUR/AGEN.1235262
MAXmalware (ai score=88)
MicrosoftVirus:MSIL/Grenam.gen!A
GDataTrojan.GenericKDZ.89286
CynetMalicious (score: 99)
VBA32TScope.Trojan.MSIL
ALYacIL:Trojan.MSILMamut.4397
MalwarebytesMalware.AI.1691162887
APEXMalicious
RisingVirus.Grenam!1.A2DD (CLASSIC)
SentinelOneStatic AI – Suspicious PE
FortinetMSIL/Agent.EF!worm
AVGWin32:MalwareX-gen [Trj]
Cybereasonmalicious.7e4503

How to remove ML/PE-A + MSIL/Grenam-A?

ML/PE-A + MSIL/Grenam-A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment