How to remove “MSIL/TrojanDownloader.Small.CIA”?

MSIL/TrojanDownloader.Small.CIA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Small.CIA virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to determine MSIL/TrojanDownloader.Small.CIA?

File Info:

name: B29E3CD27EC9AF650238.mlw
path: /opt/CAPEv2/storage/binaries/88b64800d49a7e2fce55ac7add12514430022e1fee7b8cddfde834f316f573dd
crc32: B01A30DE
md5: b29e3cd27ec9af650238ee22ce6063f5
sha1: 994ab1b6351066ac5eb4e1672eddecda6e0d7dc7
sha256: 88b64800d49a7e2fce55ac7add12514430022e1fee7b8cddfde834f316f573dd
sha512: 93e9d532fb2cd185a429a35cb721c61d86be55bc7f90cab0b266915a1ad6396fe61cb388b52a1a97875353caf51e95e9aa69d8be9797c5c9194d564d7b2ad9cb
ssdeep: 384:YMQ2uJBiXSim4IvtTVE3dmicdaTCLk245juomb/R56oToIWm:YMuqJm4IVhdMM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T119C2E71312DEBEE6C5B91A70377393C1C76DDE058953C62E69D07429C9BE2037A923C9
sha3_384: 1e5ecb90fcfa86f12256c22224477aebd07391001ce2a820c9db462c368ec30205e3aacc3930990a18d988d2214a1027
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-11-24 15:22:08

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: WindowsApplication46
FileVersion: 1.0.0.0
InternalName: WindowsApplication46.exe
LegalCopyright: Copyright © Microsoft 2020
OriginalFilename: WindowsApplication46.exe
ProductName: WindowsApplication46
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Small.CIA also known as:

  • Lionic: Trojan.Win32.Malicious.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Bulz.276306
  • FireEye: Generic.mg.b29e3cd27ec9af65
  • CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
  • ALYac: Gen:Variant.Bulz.276306
  • Zillya: Trojan.Kryptik.Win32.2694190
  • Sangfor: Trojan.Win32.Wacatac.B
  • CrowdStrike: win/malicious_confidence_70% (W)
  • Alibaba: Trojan:MSIL/Kryptik.0e7f03ad
  • K7GW: Trojan ( 004ee54a1 )
  • K7AntiVirus: Trojan ( 004ee54a1 )
  • BitDefenderTheta: Gen:NN.ZemsilF.34182.bq0@aKVJ!Jm
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/TrojanDownloader.Small.CIA
  • Paloalto: generic.ml
  • BitDefender: Gen:Variant.Bulz.276306
  • NANO-Antivirus: Trojan.Win32.Kryptik.ignjya
  • Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:Jyh5eNOFbtvLJmZ4wyOPKQ)
  • Emsisoft: Gen:Variant.Bulz.276306 (B)
  • Comodo: Malware@#16zqz4e7k6jod
  • McAfee-GW-Edition: Artemis!Trojan
  • Sophos: Mal/Generic-S
  • Avira: TR/Kryptik.fbtxy
  • Antiy-AVL: Trojan/Generic.ASMalwS.310C26F
  • Microsoft: Backdoor:Win32/Bladabindi!ml
  • GData: Gen:Variant.Bulz.276306
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win32.RL_Generic.C4247400
  • McAfee: Artemis!B29E3CD27EC9
  • MAX: malware (ai score=84)
  • APEX: Malicious
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: MSIL/Kryptik.FZV!tr
  • Cybereason: malicious.27ec9a

How to remove MSIL/TrojanDownloader.Small.CIA?

MSIL/TrojanDownloader.Small.CIA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.