Categories: Malware

MSIL/Filecoder.AMP malicious file

The MSIL/Filecoder.AMP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Filecoder.AMP virus can do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Network activity detected but not expressed in API logs

How to determine MSIL/Filecoder.AMP?



File Info:

crc32: 85DB548Amd5: 3c27641fe6e18bc41ce1ac54a4d4346dname: 3C27641FE6E18BC41CE1AC54A4D4346D.mlwsha1: bff985e3e6b1d17e7ab6a0cf3bae9d6248961140sha256: bf5097f174568b9ecf4c2a49dd7e83881df4c3e43633fe653457471f384a9d99sha512: c469a5cbbf8b5a7cca0f2b277dd45e5e4377ce322d6b61282f5a36cefd9dd0eb075f6cbd91b63d4e750093f596d1b5af2d16593e03bdcb1ca5b7b4b000594cf6ssdeep: 12288:0haHwrmtC5Rbq47bIX4ZqtEvLN38SazC3H8H:0RrcSI4YXKqtEZdH8Htype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright Microsoft Corporation. All rights reserved.InternalName: msedge_exeCompanyShortName: MicrosoftFileVersion: 89.0.774.68CompanyName: Microsoft CorporationProductShortName: Microsoft EdgeProductName: Microsoft EdgeLastChange: 539ddb33b714f303e253891a6c693bf2798d0daaProductVersion: 89.0.774.68FileDescription: Microsoft EdgeOriginalFilename: msedge.exeOfficial Build: 1Translation: 0x0409 0x04b0

MSIL/Filecoder.AMP also known as:

Elastic malicious (high confidence)
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (D)
Cybereason malicious.3e6b1d
ESET-NOD32 a variant of MSIL/Filecoder.AMP
APEX Malicious
Cynet Malicious (score: 100)
Sophos ML/PE-A
BitDefenderTheta Gen:NN.ZemsilF.34294.Gm0@aKPdncei
FireEye Generic.mg.3c27641fe6e18bc4
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Generic.gyvbj
Avira TR/Dropper.Gen
eGambit Unsafe.AI_Score_99%
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Ikarus Worm.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen

How to remove MSIL/Filecoder.AMP?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: msedge_exeMSIL/Filecoder.AMP
2 years ago

Recent Posts

Barys.456554 information

The Barys.456554 is considered dangerous by lots of security experts. When this infection is active,…

10 mins ago

Midie.66060 (file analysis)

The Midie.66060 is considered dangerous by lots of security experts. When this infection is active,…

21 mins ago

Should I remove “Symmi.6017 (B)”?

The Symmi.6017 (B) is considered dangerous by lots of security experts. When this infection is…

36 mins ago

Zusy.540971 removal tips

The Zusy.540971 is considered dangerous by lots of security experts. When this infection is active,…

37 mins ago

Should I remove “Win32:VB-VBS [Wrm]”?

The Win32:VB-VBS [Wrm] is considered dangerous by lots of security experts. When this infection is…

41 mins ago

AdClicker.Trojan.Clicker.DDS malicious file

The AdClicker.Trojan.Clicker.DDS is considered dangerous by lots of security experts. When this infection is active,…

41 mins ago