MSIL/Spy.Keylogger.AXH malicious file

The MSIL/Spy.Keylogger.AXH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Keylogger.AXH virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/Spy.Keylogger.AXH?


File Info:
name: 48D3D061D6A0885311CF.mlw
path: /opt/CAPEv2/storage/binaries/a602f6d0c1b5ef20c321bfd2092e6eda6ec1010d87a06ae988db68e909f49140
crc32: 6CE7DAFF
md5: 48d3d061d6a0885311cf2b044d3c4cf0
sha1: bb86e8cad3288946361dda06bc56160342ab0ab1
sha256: a602f6d0c1b5ef20c321bfd2092e6eda6ec1010d87a06ae988db68e909f49140
sha512: 0568bf1cb5ae2e4490bc2bfba96b852fb12956cca19f7a9b91ea0c4dd0bd5a1a1f9c46541f794e43a627bafdd8a03e45327af6bc8ded518104e847749afc2829
ssdeep: 192:0s+d5qllezBojsF2tK8VwhOO1eWe3kWvsqckz:fuoQFMnwhX1ve3PvVz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17D12C8057BF88763E0BE5BBA9DF707219771B42A8532C71F0C8D455D84F23594950FA1
sha3_384: 1ecebde87a3356c1c487f61810331ee98381a95ccb623609f61df45e0818a84d22796ab8f869580532f2321344dd35a5
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-10-27 19:25:10

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: muj.exe
LegalCopyright:  
OriginalFilename: muj.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Spy.Keylogger.AXH also known as:

Lionic	Trojan.MSIL.KeyLogger.lG0c
FireEye	Generic.mg.48d3d061d6a08853
McAfee	Artemis!48D3D061D6A0
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Worm:MSIL/LovGate.748034c0
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34726.am0@a4ZXvsc
Cyren	W32/A-e70d6f01!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Keylogger.AXH
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002H0CJD22
Paloalto	generic.ml
Kaspersky	Trojan-Spy.Win32.Bobik.dyi
NANO-Antivirus	Trojan.Win32.Keylogger.fmqghw
Avast	Win32:Trojan-gen
Tencent	Win32.Trojan-Spy.Bobik.Iflw
Comodo	Malware@#23mazyuyr5isq
F-Secure	Trojan.TR/Spy.Gen
Zillya	Trojan.Keylogger.Win32.61500
McAfee-GW-Edition	BehavesLike.Win32.Generic.zt
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Spy
Webroot	W32.Malware.Gen
Google	Detected
Avira	TR/Spy.Gen
Antiy-AVL	Worm[Email]/MSIL.LovGate
Gridinsoft	Ransom.Win32.Wacatac.sa
ZoneAlarm	Trojan-Spy.Win32.Bobik.dyi
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Dropper/Win32.Agent.C91608
Malwarebytes	Generic.Malware/Suspicious
Rising	Worm.LovGate!8.D24 (CLOUD)
Yandex	TrojanSpy.Keylogger!lbw1Gy2GUNo
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Generic.AP.C18C98!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.ad3288
Panda	Trj/GdSda.A

How to remove MSIL/Spy.Keylogger.AXH?

MSIL/Spy.Keylogger.AXH removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X