Malware

About “MSIL/Injector.IXW” infection

Malware Removal

The MSIL/Injector.IXW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What MSIL/Injector.IXW virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family
  • Creates a copy of itself
  • Accessed credential storage registry keys
  • Creates known Njrat/Bladabindi RAT registry keys

How to determine MSIL/Injector.IXW?


File Info:

name: 8EF03F61B4E417E7F478.mlw
path: /opt/CAPEv2/storage/binaries/7a75e29669ff8ed1bf1c17120355a1fcfd8f48d8f6185b4bc3ac71e4fcc08870
crc32: DFF322B1
md5: 8ef03f61b4e417e7f47852509a415737
sha1: 93ca97eee2296e3721120a1eb15e1f79850836af
sha256: 7a75e29669ff8ed1bf1c17120355a1fcfd8f48d8f6185b4bc3ac71e4fcc08870
sha512: bd5a5993b28f53fc392312b8516b1254538de1ffca62452ed51a7e99428bf03ece41fefa4aada150d7cb9709bd4b53101cd6394198f9d734d08271fcea7428c1
ssdeep: 6144:qEW2vxNsNM1U+89uwEzG3qRQ2kt6YKepdBGvS6YykH2H19G0:hv3EM6FvEkqRQ2k1KUd0vTW+/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13164CFC5EBBEBD8AC1AD117740B1568D1431CE01C120CD3736E67BBA0A732D75666E8B
sha3_384: a948a21da636b4af8088a81ccde7f34ca56ef3382d58299d81a6c83cb821dfaec8d869a8f822fff025ef45ba5df7973f
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-04-15 10:44:40

Version Info:

CompanyName: BitTorrent Inc.
FileDescription: µTorrent
FileVersion: 3.5.5.45628
InternalName: uTorrent.exe
OriginalFilename: uTorrent.exe
LegalCopyright: ©2020 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent
ProductVersion: 3.5.5.45628
SpecialBuild: stable34 stable
Translation: 0x0409 0x04e4

MSIL/Injector.IXW also known as:

LionicTrojan.Win32.Generic.m!c
Elasticmalicious (high confidence)
FireEyeGeneric.mg.8ef03f61b4e417e7
McAfeeRDN/Generic BackDoor
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforPUP.Win32.Razy.478984
K7AntiVirusTrojan ( 004bc0aa1 )
AlibabaBackdoor:MSIL/Injector.a7257446
K7GWTrojan ( 004bc0aa1 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaGen:NN.ZemsilF.34062.sm3@a8KAFvhi
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Injector.IXW
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Packed.Hpbladabi-6860330-0
KasperskyUDS:Backdoor.Win32.Generic
NANO-AntivirusTrojan.Win32.Razy.inovyd
AvastWin32:Trojan-gen
TencentWin32.Trojan.Falsesign.Egom
ComodoMalware@#8exqaj17klzn
DrWebTrojan.PackedNET.30
TrendMicroTROJ_GEN.R007C0PL421
McAfee-GW-EditionRDN/Generic BackDoor
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.7164915.susgen
AviraTR/Injector.fgriv
MicrosoftTrojan:Win32/Occamy.C7A
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.C4800913
MalwarebytesBackdoor.Bladabindi
TrendMicro-HouseCallTROJ_GEN.R007C0PL421
YandexTrojan.Injector!xUEcuzgP5tk
IkarusTrojan.MSIL.Injector
eGambitUnsafe.AI_Score_99%
FortinetMSIL/IXW!tr
AVGWin32:Trojan-gen
Cybereasonmalicious.1b4e41

How to remove MSIL/Injector.IXW?

MSIL/Injector.IXW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment