MSIL/Filecoder.AMP malicious file

MSIL/Filecoder.AMP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Filecoder.AMP virus do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Network activity detected but not expressed in API logs

How to identify MSIL/Filecoder.AMP?

File Info:

crc32: 85DB548A
md5: 3c27641fe6e18bc41ce1ac54a4d4346d
name: 3C27641FE6E18BC41CE1AC54A4D4346D.mlw
sha1: bff985e3e6b1d17e7ab6a0cf3bae9d6248961140
sha256: bf5097f174568b9ecf4c2a49dd7e83881df4c3e43633fe653457471f384a9d99
sha512: c469a5cbbf8b5a7cca0f2b277dd45e5e4377ce322d6b61282f5a36cefd9dd0eb075f6cbd91b63d4e750093f596d1b5af2d16593e03bdcb1ca5b7b4b000594cf6
ssdeep: 12288:0haHwrmtC5Rbq47bIX4ZqtEvLN38SazC3H8H:0RrcSI4YXKqtEZdH8H
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright Microsoft Corporation. All rights reserved.
InternalName: msedge_exe
CompanyShortName: Microsoft
FileVersion: 89.0.774.68
CompanyName: Microsoft Corporation
ProductShortName: Microsoft Edge
ProductName: Microsoft Edge
LastChange: 539ddb33b714f303e253891a6c693bf2798d0daa
ProductVersion: 89.0.774.68
FileDescription: Microsoft Edge
OriginalFilename: msedge.exe
Official Build: 1
Translation: 0x0409 0x04b0

MSIL/Filecoder.AMP also known as:

Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (D)
Cybereason: malicious.3e6b1d
ESET-NOD32: a variant of MSIL/Filecoder.AMP
APEX: Malicious
Cynet: Malicious (score: 100)
Sophos: ML/PE-A
BitDefenderTheta: Gen:NN.ZemsilF.34294.Gm0@aKPdncei
FireEye: Generic.mg.3c27641fe6e18bc4
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.gyvbj
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Ikarus: Worm.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/Filecoder.AMP?

MSIL/Filecoder.AMP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.