About “MSIL:GenMalicious-BXB [Trj]” infection

MSIL:GenMalicious-BXB [Trj] is the name Avast and AVG give this sample; several other vendors (ClamAV, Microsoft, Malwarebytes) classify the same file as the Bladabindi/njRAT backdoor, and ESET, Fortinet, Ikarus and Yandex flag the CodeWall packer it was built with (see the detection list below). When the infection is active, you may notice unwanted processes in the Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can MSIL:GenMalicious-BXB [Trj] do?

The following are the behavioural signatures the CAPE sandbox reported for this sample. Each of them on its own (anti-debugging tricks, RWX memory, dynamic API resolution, packed or encrypted data, an invalid Authenticode signature) is also seen in legitimate protected software; it is the combination, together with the vendor detections below, that marks the file as malicious.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify MSIL:GenMalicious-BXB [Trj]?

File Info:

name: 0D6226991BADCC3133BD.mlw
path: /opt/CAPEv2/storage/binaries/790638a2bf4e230dcceb9eb488419f9119a2fb1704900bca96155746ad6c1168
crc32: D4AE7F36
md5: 0d6226991badcc3133bd1130d6cbeb85
sha1: 09f5b9928de161ccdc0c909b72a6a31f334b4d14
sha256: 790638a2bf4e230dcceb9eb488419f9119a2fb1704900bca96155746ad6c1168
sha512: e8b5cf47b7b510f9b162f2367a7bfe129203c705111ccca1a2dcecc99cfc29269087e19def7932d51de5f397fe099548840c3775bb4e0468d0f14bf4e4b41d87
ssdeep: 3072:UeyjgYTWy5nlnl2MnpvuPTZVPQtMi0dmQ500ByweKwUL5rMUneI3p6nLOutJ25J6:UeyJTWy5nlnl2MnpSTZVPQtMi0dmQ50F
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5046B497748EA25C57C663BC7EA12690333A1D79AA7C3066E8D62DC3C373B7152620F
sha3_384: 4a9c774c40564ae26588c575b25b663ffe358393d6ab6b30f62a6af91e42cc73daffbb90d6dfa96e365b166c248bd835
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-02-16 16:46:13

Version Info:

Translation: 0x0000 0x04b0
Comments: Assembly created using a Trial Version of CodeWall (www.codewall.net). Redistribution to End Users Not Allowed.
FileDescription:
FileVersion: 0.0.0.0
InternalName: mmmsssd.exe
LegalCopyright:
OriginalFilename: mmmsssd.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0
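The file and version information above can be turned into an offline triage check. The script below is an added example (not GridinSoft's code and not part of the original page): it compares a file against the listed hashes, reads the bytes at the PE entry point (the page's ep_bytes start with ff 25 00 20 40 00, which is `jmp dword ptr [0x00402000]`, the native stub of an x86 .NET executable whose import table holds _CorExeMain), checks whether the CLR data directory is set, and searches for the CodeWall trial comment as UTF-16LE, the encoding version-info strings are stored in. The `build_toy_pe` helper constructs a harmless minimal PE32 so the script runs without the real sample; it is not the malware.

```python
"""Offline triage against the indicators listed on this page.
Added example; not GridinSoft's code. build_toy_pe() produces a constructed,
harmless PE so the script runs without the real sample."""
import hashlib
import struct

# Hashes copied from the File Info section above.
IOC_HASHES = {
    "md5": "0d6226991badcc3133bd1130d6cbeb85",
    "sha1": "09f5b9928de161ccdc0c909b72a6a31f334b4d14",
    "sha256": "790638a2bf4e230dcceb9eb488419f9119a2fb1704900bca96155746ad6c1168",
}
# First six ep_bytes from the page: jmp dword ptr [0x00402000], the native
# stub of an x86 .NET executable. It proves "MSIL binary", not "malicious".
MSIL_X86_STUB = bytes.fromhex("ff2500204000")
# Version-info comment from the page; resource strings are stored as UTF-16LE.
CODEWALL_MARKER = "Assembly created using a Trial Version of CodeWall"


def hash_matches(data: bytes) -> dict:
    """Which of the listed hashes does this file match?"""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in IOC_HASHES.items()}


def pe_layout(data: bytes):
    """Parse just enough PE32 structure: (entry RVA, CLR directory RVA, sections)."""
    try:
        if data[:2] != b"MZ":
            return None
        pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return None
        nsec = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
        opt_size = struct.unpack_from("<H", data, pe + 20)[0] # SizeOfOptionalHeader
        opt = pe + 24
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # PE32 only, like the sample
            return None
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        ndirs = struct.unpack_from("<I", data, opt + 92)[0]   # NumberOfRvaAndSizes
        # Data directory 14 is the CLR (COM descriptor) header; non-zero means .NET.
        clr_rva = struct.unpack_from("<I", data, opt + 96 + 14 * 8)[0] if ndirs > 14 else 0
        sections = []
        for i in range(nsec):
            s = opt + opt_size + i * 40
            # VirtualAddress, SizeOfRawData, PointerToRawData
            sections.append(struct.unpack_from("<III", data, s + 12))
        return ep_rva, clr_rva, sections
    except struct.error:
        return None


def rva_to_offset(rva, sections):
    """Map a virtual address to a file offset using the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    return None


def entry_point_bytes(data: bytes, n: int = 6) -> bytes:
    """Bytes at the entry point, or b'' if the file is not a parsable PE32."""
    layout = pe_layout(data)
    if layout is None:
        return b""
    ep_rva, _, sections = layout
    off = rva_to_offset(ep_rva, sections)
    return b"" if off is None else data[off:off + n]


def is_dotnet(data: bytes) -> bool:
    layout = pe_layout(data)
    return layout is not None and layout[1] != 0


def has_codewall_marker(data: bytes) -> bool:
    return CODEWALL_MARKER.encode("utf-16-le") in data


def triage(data: bytes) -> dict:
    """One verdict per indicator; a hash hit is conclusive, the rest are hints."""
    return {
        "hash_match": any(hash_matches(data).values()),
        "msil_x86_stub": entry_point_bytes(data).startswith(MSIL_X86_STUB),
        "dotnet_clr_header": is_dotnet(data),
        "codewall_trial_string": has_codewall_marker(data),
    }


def build_toy_pe() -> bytes:
    """Constructed minimal PE32: one section, CLR directory set, MSIL stub at
    the entry point, CodeWall string in the body. Harmless; not the sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)          # CLR directory
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x2000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    body = MSIL_X86_STUB + b"\0" * 74 + CODEWALL_MARKER.encode("utf-16-le")
    return headers + body.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_toy_pe()
    for name, hit in triage(blob).items():
        print(f"{name:22s} {'HIT' if hit else '-'}")
```

Run it with a path to a suspect file to get one line per indicator; with no argument it checks the constructed toy PE, which hits the three structural indicators but, being a different file, none of the hashes. The hash comparison is the only conclusive test; the entry stub, CLR header and CodeWall string only say "an x86 .NET binary built with the CodeWall trial", which is what the packed Bladabindi samples in the vendor list look like, but which a benign program could share.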

MSIL:GenMalicious-BXB [Trj] also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.lEnj
Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.28de16
BitDefenderTheta: Gen:NN.ZemsilF.34592.lm0@aq3Wvpi
Cyren: W32/MSIL_Troj.BGS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.CodeWall.D
APEX: Malicious
ClamAV: Win.Packed.Bladabindi-9811966-0
Kaspersky: HEUR:Trojan.MSIL.Tpyn.gen
NANO-Antivirus: Trojan.Win32.Crypted.dxxbkx
Avast: MSIL:GenMalicious-BXB [Trj]
Tencent: Win32.Trojan.Generic.Hfe
Sophos: Mal/Generic-S
Comodo: Malware@#2c9dh0knwvfgs
Zillya: Trojan.Packed.Win32.55209
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.0d6226991badcc31
SentinelOne: Static AI – Malicious PE
Jiangmin: Garbage.MSIL.adm
Google: Detected
Avira: HEUR/AGEN.1208545
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 99)
Acronis: suspicious
McAfee: GenericRXAB-EQ!0D6226991BAD
Malwarebytes: Bladabindi.Backdoor.Njrat.DDS
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:BLIvkG6sn5tk9QFULgqluQ)
Yandex: Trojan.CodeWall!Dyr//2CUIbA
Ikarus: Trojan.MSIL.CodeWall
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CodeWall.B!tr
AVG: MSIL:GenMalicious-BXB [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL:GenMalicious-BXB [Trj]?

MSIL:GenMalicious-BXB [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
