MSIL:GenMalicious-BB [Trj] (file analysis)

Malware Removal

The MSIL:GenMalicious-BB [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL:GenMalicious-BB [Trj] virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the DarkComet malware family
  • Interacts with known DarkComet registry keys
  • Creates known Fynloski/DarkComet mutexes

How to identify MSIL:GenMalicious-BB [Trj]?

File Info:

name: AB437369A7D18400E613.mlw
path: /opt/CAPEv2/storage/binaries/73ab1a771427b2add7c14c45cf55b37c8e124ae2f1c34721da364fa75abc0393
crc32: DF18A9C3
md5: ab437369a7d18400e613547083295123
sha1: 0b018f69b214afe2d83c25fea13d8cdd9ba61ae2
sha256: 73ab1a771427b2add7c14c45cf55b37c8e124ae2f1c34721da364fa75abc0393
sha512: 7552c6120bc38ca1f962161e349d9ae0cbe98101b563d8f9b6ee039aedb601830bb0e71eb1bbfca5fca54b163cac3c0ab93bd465dc4ebf39290027b164e958ea
ssdeep: 24576:ZTUX5CA2keSmidYGr1vfp4cZA5N7wfS27Yb:Z2ezGr1vficxfS2a
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A1357DAE9379C32D9C2875F93F2104B468C8DD88BA9CADF8C50FCA01B64E879195D4F5
sha3_384: 0de8e43db844b86a0db4cc9854b67850a86447161a57f216db8565ff0b6df958dbc263629a81ea95109e1964e6d6b010
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-03-13 03:32:02

Version Info:

FileDescription: Microsoft SX
Translation: 0x0000 0x04b0

MSIL:GenMalicious-BB [Trj] also known as:

Bkav: W32.AIDetectNet.01
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Jatif.Gen.1
FireEye: Generic.mg.ab437369a7d18400
McAfee: Artemis!AB437369A7D1
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.9a7d18
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Fynloski.AM
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Jatif.Gen.1
NANO-Antivirus: Trojan.Win32.Fynloski.cuopsr
Avast: MSIL:GenMalicious-BB [Trj]
Tencent: Win32.Trojan.FalseSign.Lqil
Ad-Aware: Gen:Heur.Jatif.Gen.1
Emsisoft: Gen:Heur.Jatif.Gen.1 (B)
Comodo: Malware@#39shnb84bnr3u
DrWeb: Trojan.DownLoader9.46210
VIPRE: Gen:Heur.Jatif.Gen.1
TrendMicro: TROJ_GEN.R067C0RIC22
McAfee-GW-Edition: Artemis!Trojan
Sophos: ML/PE-A + Mal/BadCert-Gen
Ikarus: Trojan.Injector
GData: Gen:Heur.Jatif.Gen.1
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Kingsoft: Win32.Hack.DarkKomet.ch.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Dropper/Win32.Dapato.R100917
Acronis: suspicious
ALYac: Gen:Heur.Jatif.Gen.1
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R067C0RIC22
Rising: Trojan.Dynamer!8.3A0 (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Injector.DEN!tr
BitDefenderTheta: Gen:NN.ZemsilF.34646.an1@aCI3INk
AVG: MSIL:GenMalicious-BB [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL:GenMalicious-BB [Trj]?

MSIL:GenMalicious-BB [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.