Categories: Malware

How to remove “MSIL/Packed.CodeWall.A”?

The MSIL/Packed.CodeWall.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Packed.CodeWall.A virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/Packed.CodeWall.A?


File Info:
name: 29AFC4E001D1A9520319.mlwpath: /opt/CAPEv2/storage/binaries/901f7c4fdfe5727679315848e3472a0817cb4ad34006b77144ce57a9cf5daecacrc32: 930DB8E3md5: 29afc4e001d1a95203190c0c6b067a60sha1: e48bb396ebc2eac1f4553774b19ad725e19ffac1sha256: 901f7c4fdfe5727679315848e3472a0817cb4ad34006b77144ce57a9cf5daecasha512: 225283c181b91f2f327a69d76b1a366a998aaf740b40350682b29e088f0af07fc1f61c7200b1942347e0d22d4071a546bce782b5454eb4b6aac62d90e085220dssdeep: 3072:nQhre+mCW659cU1WhSaTnqj9MqRdL8Y/6vjKMYEo0ht2uId0fGSKjiSfTce6cd7C:lvCa9RhtaSfhXS77TKtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T159249E9819C35336CA7203BB55AF0EAA3B7DD348742FDB4812A52138DF56AB73903467sha3_384: beed485bfa10ec44891f04ad6d675efd108364464cb041939f18d727ac2c3b5110a324264fd21225aa827b8e8f0cc1caep_bytes: ff250020400000000000000000000000timestamp: 2015-08-05 23:53:45
Version Info:
Translation: 0x0000 0x04b0Comments: Assembly created using a Trial Version of CodeWall (www.codewall.net). Redistribution to End Users Not Allowed.FileDescription:  FileVersion: 0.0.0.0InternalName: Server.exeLegalCopyright:  OriginalFilename: Server.exeProductVersion: 0.0.0.0Assembly Version: 0.0.0.0

MSIL/Packed.CodeWall.A also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.MSIL.Bladabindi.1
FireEye	Generic.mg.29afc4e001d1a952
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Trojan:MSIL/CodeWall.7bc85b92
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/MSIL_Troj.BGS.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Packed.CodeWall.A
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Tpyn.gen
BitDefender	Gen:Heur.MSIL.Bladabindi.1
NANO-Antivirus	Trojan.Win32.Crypted.duzhsm
Avast	Win32:TrojanX-gen [Trj]
Tencent	Win32.Trojan.Crypt.Htcx
Ad-Aware	Gen:Heur.MSIL.Bladabindi.1
Sophos	Generic ML PUA (PUA)
F-Secure	Heuristic.HEUR/AGEN.1208558
BitDefenderTheta	Gen:NN.ZemsilF.34606.nm0@amjWGzj
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Emsisoft	Gen:Heur.MSIL.Bladabindi.1 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.MSIL.Bladabindi.1
Avira	HEUR/AGEN.1208558
Microsoft	Backdoor:Win32/Bladabindi!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.RL_Generic.C3490820
Acronis	suspicious
McAfee	GenericRXCE-KG!29AFC4E001D1
MAX	malware (ai score=100)
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:gAH9ghN4dgyKUtnlavdcMw)
Yandex	Trojan.CodeWall!bRVSTWASUQo
Ikarus	PUA.MSIL.CodeWall
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.001d1a
Panda	Trj/CI.A