MSIL/Injector.OUB (file analysis)

The MSIL/Injector.OUB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Injector.OUB virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Uses Windows utilities for basic functionality
Sniffs keystrokes
Installs itself for autorun at Windows startup
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine MSIL/Injector.OUB?


File Info:
crc32: DBA23A8D
md5: 6ed69175435510ba1eb67016b3d3a9b6
name: 6ED69175435510BA1EB67016B3D3A9B6.mlw
sha1: c0cddd0696a3b0a274f51ad72c915dc010ad1a36
sha256: ec17e1d9a25d91e839a7942ba6907de9095bc2632ac1f0c465d69a4ef63eeb7c
sha512: 3263d0f2cc2a6e5f21562f38586c7503b2f0481aa030daa0582b9ba6750457fab9def003083c92b1a5098a709ab163eb6cd1c516072c99655b8eb31deef60ab7
ssdeep: 3072:O98xCz2us0xqVUGM8ze/6TAC2qL3eT1Gu64j7b1/5OtM8s+kiRi9kwY6qOmO33E:Jd+gegY1Gulbz8pRi6wYXQ2
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
LegalCopyright: PortableApps.com
InternalName: PortableApps.com Launcher
FileVersion: 2.2.0.0
CompanyName: PortableApps.com
LegalTrademarks: PortableApps.com is a Trademark of Rare Ideas, LLC.
Comments: A build of the PortableApps.com Launcher for 2X RDP Portable, allowing it to be run from a removable drive.  For additional details, visit PortableApps.com
ProductName: 2X RDP Portable
ProductVersion: 2.2.0.0
FileDescription: 2X RDP Portable (PortableApps.com Launcher)
OriginalFilename: 2XClient.exe
Translation: 0x0000 0x04e6

MSIL/Injector.OUB also known as:

K7AntiVirus	Trojan ( 700000121 )
Lionic	Trojan.MSIL.Zapchast.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop6.34709
Cynet	Malicious (score: 99)
ALYac	Trojan.MSIL.Basic.9.Gen
Cylance	Unsafe
Zillya	Trojan.Zapchast.Win32.114129
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:MSIL/Injector.d80f7189
K7GW	Trojan ( 700000121 )
Cybereason	malicious.543551
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.OUB
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Razy-7430372-0
Kaspersky	HEUR:Backdoor.Win32.Generic
BitDefender	Trojan.MSIL.Basic.9.Gen
NANO-Antivirus	Trojan.Win32.Drop.ebesez
MicroWorld-eScan	Trojan.MSIL.Basic.9.Gen
Tencent	Msil.Trojan.Zapchast.Wtxu
Ad-Aware	Trojan.MSIL.Basic.9.Gen
Sophos	Mal/Generic-R + Troj/MSIL-IAU
Comodo	Malware@#18qwundk5rogh
BitDefenderTheta	Gen:NN.ZemsilF.34236.om1@aqUtjbp
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BackDoor-FDEH!6ED691754355
FireEye	Generic.mg.6ed69175435510ba
Emsisoft	Trojan.MSIL.Basic.9.Gen (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1115197
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.17F09EB
Kingsoft	Win32.Troj.Zapchast.(kcloud)
Microsoft	Backdoor:Win32/Bladabindi!ml
Arcabit	Trojan.MSIL.Basic.9.Gen
ZoneAlarm	HEUR:Backdoor.Win32.Generic
GData	MSIL.Trojan.Injector.HG
AhnLab-V3	Malware/Win32.RL_Generic.C4306839
McAfee	BackDoor-FDEH!6ED691754355
MAX	malware (ai score=100)
Panda	Trj/GdSda.A
Yandex	Trojan.Zapchast!ndz5/lrHgMw
Ikarus	Trojan.MSIL.Injector
Fortinet	MSIL/Injector.EF29!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove MSIL/Injector.OUB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

MSIL/Injector.OUB (file analysis)