MSIL/Injector.CNW removal tips

MSIL/Injector.CNW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Injector.CNW virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Remcos malware family
  • Creates known Remcos directories and/or files
  • Creates known Remcos mutexes
  • Creates known Remcos registry keys

How to identify MSIL/Injector.CNW?

File Info:

name: C575F6436CE8DE09227C.mlw
path: /opt/CAPEv2/storage/binaries/94487d86624c0f3f788f6d53ebbb7af8fdb169efb8648895bc482103603d41cf
crc32: 4ABA8FB8
md5: c575f6436ce8de09227c6c32115607f1
sha1: 22a47313ca701c9ab0b65e705cc507214ec2c337
sha256: 94487d86624c0f3f788f6d53ebbb7af8fdb169efb8648895bc482103603d41cf
sha512: 024e86fd9b37a14b7e8bd1a868e0b192785d5ae7b91360f10f028bbffff9b0c63e641d830f6def3e485f7d6c6ecd8c9a3e64c6a7765900ef6ba9ecee7e24e9c7
ssdeep: 6144:FRYvEo7pDhnwr2xtVArgeLCon77MeVsVu:zong2TCgKRdSu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T136448E1776988B01DB583975C0EB643813E5EADB2B33F38D2F0D629D1D91362AD81B8D
sha3_384: c6a0b9198e5b418ba92fe20eb4998cedaa71dd5ba1c78c39e894dc92c961e5c73106a5a2d80da0bd7bc550b42bc893f2
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-12-05 17:35:54

Version Info:

Translation: 0x0000 0x04b0
Comments: はък骨骨аҘへтьҞъдḔ亊улрЦϚへこгḔふめώ亊Цへ
CompanyName: ふへҍЌへкϟҞаえめ与аодяώえг争ФЊҍふЏふḔЊẦも
FileDescription: ωЊқかひрҍоめ争こめаϚьЉえ与Ḕ亊めいбώ予ЉへこӨϐ
FileVersion: 5.6.7.8
InternalName: Server.exe
LegalCopyright: Copyright © ωЊқかひрҍоめ争こめаϚьЉえ与Ḕ亊めいбώ予ЉへこӨϐ 2014
LegalTrademarks:
OriginalFilename: Server.exe
ProductName: кШаҍふьḔほ頂あрФоотϐ事えまうөえいふはひϟҼь
ProductVersion: 5.6.7.8
Assembly Version: 1.2.3.4

MSIL/Injector.CNW also known as:

Cynet: Malicious (score: 99)
FireEye: Generic.mg.c575f6436ce8de09
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00493e2c1 )
K7GW: Trojan ( 00493e2c1 )
Cybereason: malicious.36ce8d
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of MSIL/Injector.CNW
APEX: Malicious
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: Gen:Variant.MSILPerseus.1044
MicroWorld-eScan: Gen:Variant.MSILPerseus.1044
Avast: MSIL:GenMalicious-L [Trj]
Ad-Aware: Gen:Variant.MSILPerseus.1044
Emsisoft: Gen:Variant.MSILPerseus.1044 (B)
F-Secure: Trojan.TR/Dropper.Gen
VIPRE: Gen:Variant.MSILPerseus.1044
SentinelOne: Static AI - Malicious PE
GData: Gen:Variant.MSILPerseus.1044
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.522E
Arcabit: Trojan.MSILPerseus.D414
Microsoft: Trojan:MSIL/Bladabindi
Google: Detected
AhnLab-V3: Trojan/Win32.RL_Generic.C4252702
ALYac: Gen:Variant.MSILPerseus.1044
MAX: malware (ai score=88)
Yandex: Trojan.Agent!jq6pjOpnMGk
Ikarus: Trojan.MSIL.Injector
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZemsilF.34646.qq2@aSpC5Mm
AVG: MSIL:GenMalicious-L [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove MSIL/Injector.CNW?

MSIL/Injector.CNW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.