MSIL/Injector.KFA (file analysis)

Malware Removal

MSIL/Injector.KFA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Injector.KFA virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify MSIL/Injector.KFA?


File Info:

name: 61321EDB1A28E7CBC129.mlw
path: /opt/CAPEv2/storage/binaries/9622f1ca93a94092d7822175ebcc0b1ee1b1acce8df66e02cdf89068e73118df
crc32: E4A8FE1C
md5: 61321edb1a28e7cbc12957fcaae388c8
sha1: 94121769fb5c09e8c83351e698dab6910a20eabc
sha256: 9622f1ca93a94092d7822175ebcc0b1ee1b1acce8df66e02cdf89068e73118df
sha512: 2d47dbede21fd6515168dc11a9c5b80a08b4946201f6b4425a62ef3716d91d0fdf012ce65847a847edf731016733a89829f95d3aba4668580af244f668f9c60c
ssdeep: 24576:YkQhhhTAm9tHUSiEqSvXw4EB2RwI7kujyWt0mImtqZS2DWd06YyqCZezSESsD2fr:HQ9TH/dxoMLTqnCtPo2smHzL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172656D969C3ED8EAA46F4D27041E3FACB02BB0205C0167ED80D9295B6F39B771907D5E
sha3_384: 4d0d265ef3ae81ebf48b06d467b4ea20abc2a1c812b792febcbb46b965ddb979fe0198575a634ff4354c703a66f2d212
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-17 13:16:26

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: ratencode.exe
LegalCopyright:
OriginalFilename: ratencode.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Injector.KFA also known as:

Bkav: W32.AIDetectNet.01
Cynet: Malicious (score: 100)
FireEye: Generic.mg.61321edb1a28e7cb
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
Cybereason: malicious.9fb5c0
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Injector.KFA
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
Rising: Trojan.Generic/MSIL@AI.94 (RDM.MSIL:LyX7x6Du5V7hnMNXfLpYog)
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.th
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.MSIL.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Acronis: suspicious
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Injector.QSJ!tr
BitDefenderTheta: Gen:NN.ZemsilF.34786.Dn0@aKedkYc
CrowdStrike: win/malicious_confidence_100% (D)

How to remove MSIL/Injector.KFA?

MSIL/Injector.KFA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
