Malware

Should I remove “MSIL/Injector.BXV”?

Malware Removal

The MSIL/Injector.BXV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Injector.BXV virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to determine MSIL/Injector.BXV?



File Info:

name: 573C9F7D8A7154FE3BDF.mlw
path: /opt/CAPEv2/storage/binaries/8f23302d7bb5c1834d71e3c2ba0be1514f47eb3073cc3e1078f288660425ea4e
crc32: 1F648C32
md5: 573c9f7d8a7154fe3bdfed5475e4c460
sha1: 096e1d07f8007145eae0f2673bc0a4f4aeb2337a
sha256: 8f23302d7bb5c1834d71e3c2ba0be1514f47eb3073cc3e1078f288660425ea4e
sha512: 42992258a8c07b1c2c88f1ce2a5b3fe2626d0caf21a6ffb5d294573fd07c7a4e4e3e478dbde4731605b2e67861a810672d228608c4603f64d83772118a42bbd9
ssdeep: 12288:v6+1Ts75OoFlfMNcrk5Oe5OB//YwTDY6W8CkY+/KhwHl+fVXGMiH:jT+tfOY//13Yf8RZyhKl+fVXGMiH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5E46112A5482A66CC9D9C73CA4E6DFC41E085DF1F2AD647A9D023E85798FECF2150CB
sha3_384: 5000f1fb46ca4b8d5752dedc64806dbec3ea630b259dc14a8f7f54c1338529bbe311a7ed5d5213f83969b3dbd5bb056a
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-01-11 20:16:54


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: 444.exe
LegalCopyright:  
OriginalFilename: 444.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Injector.BXV also known as:

BkavW32.AIDetectNet.01
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Heur.MSIL.Bladabindi.1
FireEyeGeneric.mg.573c9f7d8a7154fe
McAfeeArtemis!573C9F7D8A71
CylanceUnsafe
SangforSuspicious.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderGen:Heur.MSIL.Bladabindi.1
K7GWTrojan ( 0055e39a1 )
K7AntiVirusTrojan ( 0055e39a1 )
ArcabitTrojan.MSIL.Bladabindi.1
SymantecML.Attribute.HighConfidence
tehtrisGeneric.Malware
ESET-NOD32a variant of MSIL/Injector.BXV
APEXMalicious
Paloaltogeneric.ml
KasperskyHEUR:Backdoor.MSIL.Generic
NANO-AntivirusTrojan.Win32.Agent.ctozqc
Ad-AwareGen:Heur.MSIL.Bladabindi.1
EmsisoftGen:Heur.MSIL.Bladabindi.1 (B)
ComodoMalware@#1598venhyjvzn
DrWebTrojan.DownLoader10.19958
VIPREGen:Heur.MSIL.Bladabindi.1
McAfee-GW-EditionBehavesLike.Win32.Generic.jm
Trapminemalicious.high.ml.score
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
AviraTR/Dropper.MSIL.Gen
MAXmalware (ai score=80)
KingsoftWin32.Troj.Agent.(kcloud)
MicrosoftTrojan:Win32/Dynamer!ac
ZoneAlarmHEUR:Backdoor.MSIL.Generic
GDataGen:Heur.MSIL.Bladabindi.1
CynetMalicious (score: 100)
Acronissuspicious
BitDefenderThetaGen:NN.ZemsilF.34582.Om0@aK7uOhe
VBA32Trojan.Agent
MalwarebytesBackdoor.Agent.PGen
PandaGeneric Malware
RisingTrojan.Generic!8.C3 (CLOUD)
YandexTrojan.Zusy!jXbo1Dc4Rhs
IkarusTrojan.SuspectCRC
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Injector.CJJ!tr
AVGWin32:RATX-gen [Trj]
Cybereasonmalicious.d8a715
AvastWin32:RATX-gen [Trj]

How to remove MSIL/Injector.BXV?

MSIL/Injector.BXV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment