What is “MSIL/Rozena.EI”?

The MSIL/Rozena.EI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Rozena.EI virus can do?

Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine MSIL/Rozena.EI?


File Info:
name: 2E124A4C0834B57BDE02.mlw
path: /opt/CAPEv2/storage/binaries/46a70ba89923f9ad83da6cdd87efe4906e1192380464203beaf929a4e7cae8d4
crc32: E325BAF9
md5: 2e124a4c0834b57bde02f8390078a09e
sha1: f54e5a56958227f9e3cea84665d242d5a1f4a9ce
sha256: 46a70ba89923f9ad83da6cdd87efe4906e1192380464203beaf929a4e7cae8d4
sha512: 9a1a94569dd4cea852bff0e41c9921346a28fa0e40da9a2165e76b280d1c48c41f58eb92dbd50c9c3f45700c6671a9cb33670e67289fd350667e0099c708ba58
ssdeep: 96:LO/dcq+K2kkvcj6tLwn0450Ag29KsPWF+Auye0m/++v/7ezNt:a/GqmcW72Dg29bemyTm/Pc
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T162D1C506EBD44936EDAB4B729973934012B5F3419D578F7E6CC9A22B7D3321409933B1
sha3_384: a6936b68c1701d4b781264840c93b58711ca120c1126836f8e54bd51fd3ed103851f553ccb716e75151b0bdcac194754
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2063-03-23 16:15:03

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: runner2
FileVersion: 1.0.0.0
InternalName: runner2.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: runner2.exe
ProductName: runner2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Rozena.EI also known as:

Lionic	Trojan.Win32.Tedy.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.47368
FireEye	Generic.mg.2e124a4c0834b57b
ALYac	Gen:Variant.Tedy.47368
Zillya	Trojan.Rozena.Win32.131592
K7AntiVirus	Trojan ( 0058b0c71 )
Alibaba	Trojan:MSIL/Rozena.756bc3a9
K7GW	Trojan ( 0058b0c71 )
Cyren	W64/Rozena.CM.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Rozena.EI
APEX	Malicious
BitDefender	Gen:Variant.Tedy.47368
Tencent	Win32.Trojan.Tedy.Hrpa
Ad-Aware	Gen:Variant.Tedy.47368
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1144732
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Tedy.47368 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1144732
Gridinsoft	Ransom.Win64.Wacatac.sa
GData	Gen:Variant.Tedy.47368
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win64.RL_Generic.C4339496
MAX	malware (ai score=83)
TrendMicro-HouseCall	TROJ_GEN.R002H0CKS21
Ikarus	Trojan.MSIL.Rozena
Fortinet	MSIL/Rozena.N!tr
CrowdStrike	win/malicious_confidence_90% (W)

How to remove MSIL/Rozena.EI?

MSIL/Rozena.EI removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X