MSIL/PSW.Discord.AEH (file analysis)

The MSIL/PSW.Discord.AEH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/PSW.Discord.AEH virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/PSW.Discord.AEH?


File Info:
name: C658A9B759A2D83E34F6.mlw
path: /opt/CAPEv2/storage/binaries/97c565ac24f468994f2b0affc51e7eb9918a011ab17f2b086be90f583b0e39ab
crc32: 6CFB7212
md5: c658a9b759a2d83e34f6bf89e2ec71a2
sha1: 0ab41d81442cafb777bf0bbc577c84bd48402664
sha256: 97c565ac24f468994f2b0affc51e7eb9918a011ab17f2b086be90f583b0e39ab
sha512: edfda9a91e64dee32ed7445fb2e4937564ee7a144892b04be9c95542f12ef7c60076f477b40821733cc1bd25cb3ad6b22913d0f49d30ff93652013e496f795b1
ssdeep: 96:o7P4FAkrSkoYJgg3KQNDanmsi/wV/uyp1U90l9/Ilpl4IF6Co19ozNt:o7P4FJ1Jgg3lDamsiY164I0Ce9q
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T13B02E715B3FC8621EEBB4B39ACB307206778F7625826DB5E2586910A1D337484D62F36
sha3_384: 3651d34da5eb2125ea22878c7b61b8cbdfe2bd07545466f38fb1299a8cfbd817f2272488cdf50c8f4e6a1a17af951d3e
ep_bytes: ff250020400000000000000000000000
timestamp: 2052-11-22 07:55:10

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: ConsoleApp1
FileVersion: 1.0.0.0
InternalName: ConsoleApp1.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: ConsoleApp1.exe
ProductName: ConsoleApp1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/PSW.Discord.AEH also known as:

MicroWorld-eScan	IL:Trojan.MSILZilla.10699
FireEye	Generic.mg.c658a9b759a2d83e
McAfee	Artemis!C658A9B759A2
Cylance	Unsafe
Sangfor	Infostealer.MSIL.Disco.gen
K7AntiVirus	Password-Stealer ( 0058bbe81 )
Alibaba	TrojanPSW:MSIL/Disco.17fe1e86
K7GW	Password-Stealer ( 0058bbe81 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/PSW.Discord.AEH
APEX	Malicious
Kaspersky	HEUR:Trojan-PSW.MSIL.Disco.gen
BitDefender	IL:Trojan.MSILZilla.10699
Tencent	Msil.Trojan.Msilzilla.Sxoa
Ad-Aware	IL:Trojan.MSILZilla.10699
Sophos	Mal/Generic-S
DrWeb	Trojan.PWS.Stealer.31963
Zillya	Trojan.Discord.Win32.6750
TrendMicro	TROJ_GEN.R002C0WLR21
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	IL:Trojan.MSILZilla.10699 (B)
SentinelOne	Static AI – Suspicious PE
Avira	TR/PSW.Discord.uppvy
Gridinsoft	Ransom.Win32.Sabsik.sa
Arcabit	IL:Trojan.MSILZilla.D29CB
ViRobot	Trojan.Win32.Z.Psw.8704.E
GData	IL:Trojan.MSILZilla.10699
Cynet	Malicious (score: 99)
BitDefenderTheta	Gen:NN.ZemsilF.34114.am0@amCPIhl
ALYac	IL:Trojan.MSILZilla.10699
MAX	malware (ai score=81)
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0WLR21
Yandex	Trojan.PWS.Discord!HU1L9YhpBz4
Ikarus	Trojan.MSIL.PSW
Fortinet	MSIL/Discord.AEH!tr.pws
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_90% (W)

How to remove MSIL/PSW.Discord.AEH?

MSIL/PSW.Discord.AEH removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X