Categories: Malware

MSIL/Packed.CodeWall.B removal

The MSIL/Packed.CodeWall.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Packed.CodeWall.B virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Creates a copy of itself

How to determine MSIL/Packed.CodeWall.B?


File Info:
name: 98340F5EA591CD16C5F9.mlwpath: /opt/CAPEv2/storage/binaries/a6ba9c9fe9ba74387b1662526465ab75e8177e588a962e0ec9aaa0e7ad1eb4cfcrc32: B19EC7E1md5: 98340f5ea591cd16c5f9d3a9e95641a4sha1: 873871179f145a0e4d9d91d9aed837ae0e4e1ac6sha256: a6ba9c9fe9ba74387b1662526465ab75e8177e588a962e0ec9aaa0e7ad1eb4cfsha512: 63ae3683e05171ede8ed1ad571c1274b7b1be376197003c6ccb706e37688730c72565dc85016f2ffdcd76ab072069b90d2a95723359527caeb6b1ab99257d974ssdeep: 3072:8IfeoadX9ZTuXT4XH1nuzYYwqe/U7/okpIH9aZMHD5aa:pfadX9Z8ygzYY3e/UMkp1GD5type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C5141998FF0CD582D26CB237C1E6452003628CD5CB1AF95B6D553BCC9BE33B309656AAsha3_384: 2cacc69bb4b9af25c2311865bac42367dccef18030ee51b875619754eeee8212cfd7c3f7eee9ab64d367956ad4c99042ep_bytes: ff250020400000000000000000000000timestamp: 2013-02-07 19:14:59
Version Info:
Translation: 0x0000 0x04b0Comments: RPX 1.3.4399.43191FileDescription:  FileVersion: 0.0.0.0InternalName: 1.exeLegalCopyright:  OriginalFilename: 1.exeProductVersion: 0.0.0.0Assembly Version: 0.0.0.0

MSIL/Packed.CodeWall.B also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader8.49902
MicroWorld-eScan	Gen:Heur.MSIL.Bladabindi.1
FireEye	Generic.mg.98340f5ea591cd16
McAfee	Artemis!98340F5EA591
Cylance	Unsafe
Zillya	Trojan.Disfa.Win32.3592
K7AntiVirus	Trojan ( 00528cb81 )
K7GW	Trojan ( 00528cb81 )
Cybereason	malicious.ea591c
BitDefenderTheta	Gen:NN.ZemsilF.34062.mm0@aSYtCop
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Packed.CodeWall.B
TrendMicro-HouseCall	TROJ_SPNR.3AHQ13
Kaspersky	HEUR:Trojan.MSIL.ShopBot.gen
BitDefender	Gen:Heur.MSIL.Bladabindi.1
NANO-Antivirus	Trojan.Win32.Disfa.cuimbu
Avast	MSIL:GenMalicious-FX [Trj]
Tencent	Msil.Trojan.Disfa.Hssa
Ad-Aware	Gen:Heur.MSIL.Bladabindi.1
Sophos	Mal/Generic-S
Comodo	Malware@#3kf8pgi477r2r
F-Secure	Heuristic.HEUR/AGEN.1118661
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_SPNR.3AHQ13
McAfee-GW-Edition	Artemis!PUP
Emsisoft	Gen:Heur.MSIL.Bladabindi.1 (B)
Ikarus	PUA.Codewall
Avira	HEUR/AGEN.1118661
MAX	malware (ai score=82)
Kingsoft	Win32.Troj.Disfa.p.(kcloud)
Microsoft	Backdoor:MSIL/Bladabindi.AA
GData	Gen:Heur.MSIL.Bladabindi.1
VBA32	TScope.Trojan.MSIL
Malwarebytes	Generic.Malware/Suspicious
APEX	Malicious
Yandex	Trojan.Disfa!3vmNYQJBWDU
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
AVG	MSIL:GenMalicious-FX [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_90% (D)