What is “MSIL/TrojanDropper.Small.EF”?

MSIL/TrojanDropper.Small.EF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Small.EF virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • CAPE detected the CobianRAT malware family
  • Deletes executed files from disk
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify MSIL/TrojanDropper.Small.EF?


File Info:

name: D663604F6F0DA2BA426C.mlw
path: /opt/CAPEv2/storage/binaries/8c1b97b3cad2f9291c84a2e26577fc3a2ab1f998a0a7c29169517ba29c06328d
crc32: A500E255
md5: d663604f6f0da2ba426c62a7905300bd
sha1: 14989f97d4ec8e6faa9a181bd7bc2f0ad11b9728
sha256: 8c1b97b3cad2f9291c84a2e26577fc3a2ab1f998a0a7c29169517ba29c06328d
sha512: 04bca8e3bf73883e8773ac28cace0ebdcd4b330c220255365982262f42ec13f31f3a7e88f07b53f0b1c473608af0d95e98fe5cff870ef9a11f5b5a999ed2c2c0
ssdeep: 768:z4bs8xfDxow5K1tbwbMAN+Xh/WBiTwd7yWBY6+O6C7Cu6BLUqu/tS9UPG:U4P9+1EXhuB0wddYe17CuqLvyS9U+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10163BE1A37A4E0D9E1D465341DC26F73C4F2B827180467AEBBC12E6FEE7AD85D610346
sha3_384: e98a9b6ec73908ed28ccc118f6d1102f26502daf3e443fbc469f1d84bbac9e5289f5cc4b8ddb354f0916e9d5e8f1ea33
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-13 10:13:32

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: Launcher.exe
LegalCopyright:
OriginalFilename: Launcher.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/TrojanDropper.Small.EF also known as:

Bkav: W32.AIDetectNet.01
Cynet: Malicious (score: 99)
FireEye: Generic.mg.d663604f6f0da2ba
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.f6f0da
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/TrojanDropper.Small.EF
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: IL:Trojan.MSILZilla.19736
MicroWorld-eScan: IL:Trojan.MSILZilla.19736
Avast: Win32:RATX-gen [Trj]
Ad-Aware: IL:Trojan.MSILZilla.19736
Emsisoft: IL:Trojan.MSILZilla.19736 (B)
VIPRE: IL:Trojan.MSILZilla.19736
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
GData: IL:Trojan.MSILZilla.19736
Avira: HEUR/AGEN.1221666
Arcabit: IL:Trojan.MSILZilla.D4D18
Microsoft: Program:Win32/Wacapew.C!ml
AhnLab-V3: Trojan/Win32.RL_Small.C3488454
Acronis: suspicious
ALYac: IL:Trojan.MSILZilla.19736
MAX: malware (ai score=87)
Rising: Trojan.Generic/MSIL@AI.92 (RDM.MSIL:3mC2TxezQnHrQgLEQsremQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Small.EF!tr
BitDefenderTheta: Gen:NN.ZemsilF.34592.em0@aSAYP3f
AVG: Win32:RATX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove MSIL/TrojanDropper.Small.EF?

MSIL/TrojanDropper.Small.EF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
