MSIL/TrojanDownloader.Small.CSU removal tips

The MSIL/TrojanDownloader.Small.CSU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Small.CSU virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Small.CSU?


File Info:
name: 20D4B5790E6ED41F300C.mlw
path: /opt/CAPEv2/storage/binaries/2025071ea0a0461f397301631e5b438b39942193041a352c3b1905324ce5a6c9
crc32: 59891051
md5: 20d4b5790e6ed41f300c92152b6ba96e
sha1: a9b0c3eea1dbf4ac5829a4dd9824401b4977ddfb
sha256: 2025071ea0a0461f397301631e5b438b39942193041a352c3b1905324ce5a6c9
sha512: fe36697cd4d769c66c424b5dfcde6f070581c16fcb6a03ef0ba1ed6933acc592119e65370119394098cd0df04984bcac5b135a81872230735ab6135bfa303a6f
ssdeep: 192:IWAV5DgL+Uq2ULHJBahrgLEpvWTf+awDjsi8vkYcV6+U2FJFEs2+:C7d2kHJBaO4pfN6kYcV6+UiJFnh
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16B22F82052E40176D93145336D29AB06AFB6E6BF7D1A43AE348C091F7FB30118323B6A
sha3_384: 8b3203da854ec2dffe4c890102c87da8decfc44e0114e0bca31a329f92d3f3db96f5ed109532788f6969f4111d4a56d2
ep_bytes: ff250020400000000000000000000000
timestamp: 2071-01-05 02:18:13

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: WindowsDefence(x64)
FileVersion: 1.0.0.0
InternalName: WindowsDefence(x64).exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: WindowsDefence(x64).exe
ProductName: WindowsDefence(x64)
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Small.CSU also known as:

Lionic	Trojan.Win32.Generic.4!c
FireEye	Trojan.GenericKD.48292123
Sangfor	Trojan.Win32.Sabsik.TE
BitDefenderTheta	Gen:NN.ZemsilCO.34212.am0@amhYz9n
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	MSIL/TrojanDownloader.Small.CSU
TrendMicro-HouseCall	TROJ_GEN.R002H0CB422
Cynet	Malicious (score: 99)
BitDefender	Trojan.GenericKD.48292123
MicroWorld-eScan	Trojan.GenericKD.48292123
Avast	Win32:Trojan-gen
Ad-Aware	Trojan.GenericKD.48292123
Emsisoft	Trojan.GenericKD.48292123 (B)
McAfee-GW-Edition	RDN/Generic.dx
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.MSIL.Small
GData	Win32.Trojan.Agent.63T7BV
Avira	HEUR/AGEN.1236212
MAX	malware (ai score=84)
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
McAfee	RDN/Generic.dx
APEX	Malicious
Rising	Trojan.Generic/MSIL@AI.98 (RDM.MSIL:f3vILdAB43W51PHGyoEC6Q)
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/Small.CSU!tr.dldr
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_70% (W)

How to remove MSIL/TrojanDownloader.Small.CSU?

MSIL/TrojanDownloader.Small.CSU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X