Categories: Malware

MSIL/Injector.TRU information

The MSIL/Injector.TRU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Injector.TRU virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Attempts to remove evidence of file being downloaded from the Internet
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Spoofs its process name and/or associated pathname to appear as a legitimate process
Creates a hidden or system file
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.nordic.pw

How to determine MSIL/Injector.TRU?


File Info:
crc32: ED874288md5: 21b6ef8e414de61619cef4f4ef4e6304name: 21B6EF8E414DE61619CEF4F4EF4E6304.mlwsha1: 1725fced7e3dc989274f9763b19318436085787dsha256: 1a3045af50253c6e884b526cfe1eb710b6e9318d51d6bc233469f0db71092e3dsha512: 1b6866ed1d7efbdada9cd56850e5005912bc7e5012ee40d7720536f0ed258cf29b56684315398abd69154a910373f2cb768a4523d5e1132cbec7be42940506bcssdeep: 24576:Ruc5hy8n0HHMaJZlpI+lXGcW6wWJwpZ+LrblRwovkH8algHy:RpyLHHJZlpIMdhDwpYLrbvkHAHytype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: Copyright OpenLR 2018Assembly Version: 1.0.0.0InternalName: OpenLR.exeFileVersion: 1.0.0.0CompanyName: LegalTrademarks: Comments: ProductName: OpenLRProductVersion: 1.0.0.0FileDescription: OpenLROriginalFilename: OpenLR.exe

MSIL/Injector.TRU also known as:

K7AntiVirus	Trojan ( 0050e79f1 )
Lionic	Trojan.MSIL.Generic.m!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Siggen2.2331
Cynet	Malicious (score: 100)
ALYac	IL:Trojan.MSILZilla.5250
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Backdoor:MSIL/Injector.06c82d04
K7GW	Trojan ( 0050e79f1 )
Cybereason	malicious.e414de
Cyren	W32/MSIL_Injector.PS.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.TRU
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Packed.Zusy-7589722-0
Kaspersky	HEUR:Backdoor.MSIL.Agent.gen
BitDefender	IL:Trojan.MSILZilla.5250
NANO-Antivirus	Trojan.Win32.GenKryptik.fdugrk
MicroWorld-eScan	IL:Trojan.MSILZilla.5250
Tencent	Msil.Backdoor.Agent.Hqlq
Ad-Aware	IL:Trojan.MSILZilla.5250
Sophos	ML/PE-A
Comodo	Malware@#13qh9ivwyo57i
BitDefenderTheta	Gen:NN.ZemsilF.34236.qn0@aGO0KKk
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_MALREP.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.21b6ef8e414de616
Emsisoft	IL:Trojan.MSILZilla.5250 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor.MSIL.akkq
Avira	HEUR/AGEN.1137075
eGambit	Unsafe.AI_Score_94%
Antiy-AVL	Trojan/Generic.ASMalwS.268DE5D
Microsoft	Trojan:Win32/Occamy.C
GData	IL:Trojan.MSILZilla.5250
AhnLab-V3	Trojan/Win32.Genasep.C2561602
McAfee	GenericRXFW-BY!21B6EF8E414D
MAX	malware (ai score=97)
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_MALREP.SM
Yandex	Trojan.GenKryptik!CKqQd6OQOAg
Ikarus	Trojan.MSIL.Injector
Fortinet	MSIL/Kryptik.LKA!tr
AVG	Win32:MalwareX-gen [Trj]
Paloalto	generic.ml