Categories: Malware

Should I remove “MSIL/Injector.NBJ”?

The MSIL/Injector.NBJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Injector.NBJ virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Presents an Authenticode digital signature
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
A process created a hidden window
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Steals private information from local Internet browsers
Exhibits behavior characteristic of Pony malware
Exhibits possible ransomware file modification behavior
Collects information about installed applications
Creates a hidden or system file
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients

Related domains:

ocsp.verisign.com

evcs-ocsp.ws.symantec.com

How to determine MSIL/Injector.NBJ?


File Info:
crc32: 223CEEF2md5: a1933d25e1591674f51e76917101f20aname: A1933D25E1591674F51E76917101F20A.mlwsha1: 234d37f3a9b8b4ece2bc00105d4dc72ba1ab4f2asha256: 52baad9dab220788130ca691baaed3a1f22cc68d913e217bc09f29c2ae822e81sha512: bd7ea453fa2b0197cbbeec5cd394e50e794284dfb0a73fc3369994491ba3ec15892d03295c349b622d680c199eb4651870f6ad85d7ac705cb6827488f2e527bdssdeep: 3072:aRKqejC7g8T4qWwgiBYT4h3dYZXFYfrxITD:aRKqX4fwby8h3KZXFYluDtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2014 by GammadyneFileVersion: 44.1CompanyName: GammadyneProductName: Gammadyne MailerProductVersion: 44.1FileDescription: Installer for Gammadyne MailerTranslation: 0x0409 0x04e4

MSIL/Injector.NBJ also known as:

K7AntiVirus	Trojan ( 0055e39a1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.1932
Cynet	Malicious (score: 99)
ALYac	Gen:Heur.MSIL.Abuja.2
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 0055e39a1 )
Cybereason	malicious.5e1591
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.NBJ
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Genericrxer-9857196-0
Kaspersky	HEUR:Trojan-Dropper.Win32.Generic
BitDefender	Gen:Heur.MSIL.Abuja.2
NANO-Antivirus	Trojan.Win32.Stealer.dzwzri
MicroWorld-eScan	Gen:Heur.MSIL.Abuja.2
Tencent	Win32.Trojan.Falsesign.Llgt
Ad-Aware	Gen:Heur.MSIL.Abuja.2
Sophos	Mal/Generic-R + Mal/Kryptik-AY
Comodo	.UnclassifiedMalware@0
BitDefenderTheta	Gen:NN.ZemsilF.34686.hm1@a8Q22zci
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	GenericRXER-GI!A1933D25E159
FireEye	Generic.mg.a1933d25e1591674
Emsisoft	Gen:Heur.MSIL.Abuja.2 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1114859
eGambit	Unsafe.AI_Score_51%
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	VirTool:MSIL/Injector.II!bit
Arcabit	Trojan.MSIL.Abuja.2
AegisLab	Trojan.Win32.Fareit.i!c
GData	Gen:Heur.MSIL.Abuja.2
AhnLab-V3	Trojan/Win.Generic.C4443799
McAfee	GenericRXER-GI!A1933D25E159
MAX	malware (ai score=89)
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R02DC0DDT21
Rising	Trojan.Injector!8.C4 (CLOUD)
Yandex	Trojan.PWS.Fareit!Ed8DKvWviNs
Ikarus	Trojan.MSIL.Injector
Fortinet	MSIL/Kryptik.EPT!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml