About “MSIL/Disabler.DR” infection

MSIL/Disabler.DR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/Disabler.DR virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify MSIL/Disabler.DR?


File Info:

name: 882497B5AFFF34EEB790.mlw
path: /opt/CAPEv2/storage/binaries/e7bfc45e6a86b96acdfb3fd8fa03aa4aef88dc69a2c657a038c410cad91fbcf6
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

MSIL/Disabler.DR also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.65331035
FireEye: Generic.mg.882497b5afff34ee
CAT-QuickHeal: Trojan.MSIL
ALYac: Trojan.GenericKD.65331035
Malwarebytes: Generic.Trojan.Injector.DDS
VIPRE: Trojan.GenericKD.65331035
K7AntiVirus: Trojan ( 005690671 )
K7GW: Trojan ( 005690671 )
CrowdStrike: win/malicious_confidence_70% (W)
Baidu: Multi.Threats.InArchive
Cyren: W32/KillAV.KMEF-6536
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Disabler.DR
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan.Win32.Zenpak.gen
NANO-Antivirus: Trojan.Win32.Disabler.junsud
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan-Ransom.Win32.Stop.gen
DrWeb: Trojan.Siggen19.32857
TrendMicro: TROJ_GEN.R002C0PBK23
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Trapmine: malicious.moderate.ml.score
SentinelOne: Static AI – Malicious SFX
Avira: TR/Disabler.ocayi
Antiy-AVL: Trojan/Script.Phonzy
Xcitium: ApplicUnwnt@#1ftfc2ja2g1dd
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen
GData: Generic.Trojan.PSEB.WGPCII
McAfee: PWS-FDON!7E93BACBBC33
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PBK23
Rising: Trojan.Generic@AI.100 (RDML:/JyM+Os/vQ5p43W5ypEfjw)
Yandex: Trojan.Disabler!G6z7qDxyklM
Ikarus: Trojan.Win32.Crypt
Fortinet: PossibleThreat
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.5afff3

How to remove MSIL/Disabler.DR?

MSIL/Disabler.DR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
