Malware

About “MSIL:GenMalicious-CJF [Trj]” infection

Malware Removal

The MSIL:GenMalicious-CJF [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What MSIL:GenMalicious-CJF [Trj] virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine MSIL:GenMalicious-CJF [Trj]?


File Info:

name: 0A928D0AE3A4F62B0120.mlw
path: /opt/CAPEv2/storage/binaries/267d5c6358677d1e2f08bb8f12df69e771cd0da4de29c9f1bf415f1e8924f9c7
crc32: F40E5490
md5: 0a928d0ae3a4f62b0120a2f1eb2992bc
sha1: 097321ff1da3886082c64f98296567bf9572425f
sha256: 267d5c6358677d1e2f08bb8f12df69e771cd0da4de29c9f1bf415f1e8924f9c7
sha512: 0ff23377b835e6cd86ee0dc18886596267844190804ad04b4c96409342b2a5ccfcec130fb9087df7609d58c92500660f21ff8a6a67a730e4a7a5440a5f65b7d5
ssdeep: 12288:KWFityw1tnD2x3SLr7P8zVsqt5RZ0V+d0qHXFctybSy4dw:KWFityw1tnD2xCLviVsqt5T0+GKXetvm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10AB4F1093A84D622C46C717BDAEF2691832261DA9E57D3039E8D72DC7C733B3151A26F
sha3_384: d01783a510626873f35a094fb3afa11909e06f06498b4a27058ceba31f42c97cb3a8fcc68c0f8351136ae118d14072ff
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-11-15 10:04:24

Version Info:

Translation: 0x0000 0x04b0
Comments: Assembly created using a Trial Version of CodeWall (www.codewall.net). Redistribution to End Users Not Allowed.
CompanyName: ay_t_N_o_P_
FileDescription: ad_5_a_g_
FileVersion: 5.8.11.49
InternalName: 1.exe
LegalCopyright: Copyright © 2007
LegalTrademarks: ak_T_M_5_M_m_e_
OriginalFilename: 1.exe
ProductName: aP_p_1_Y_l_Q_
ProductVersion: 5.8.11.49
Assembly Version: 5.8.11.49

MSIL:GenMalicious-CJF [Trj] also known as:

BkavW32.AIDetectNet.01
LionicTrojan.Win32.Generic.lEnj
DrWebBackDoor.Bladabindi.5787
MicroWorld-eScanGen:Heur.MSIL.Vuvazi.C.2
ALYacGen:Heur.MSIL.Vuvazi.C.2
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
K7GWTrojan ( 700000121 )
Cybereasonmalicious.ae3a4f
BitDefenderThetaGen:NN.ZemsilF.34582.Em0@aGxGB@d
VirITBackdoor.Win32.Bladabindi.IOP
CyrenW32/MSIL_Troj.BGS.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/Packed.CodeWall.D suspicious
APEXMalicious
ClamAVWin.Packed.Bladabindi-9811966-0
KasperskyHEUR:Trojan.MSIL.Crypt.gen
BitDefenderGen:Heur.MSIL.Vuvazi.C.2
NANO-AntivirusTrojan.Win32.Bladabindi.dizzge
AvastMSIL:GenMalicious-CJF [Trj]
TencentWin32.Trojan.Generic.Hfe
Ad-AwareGen:Heur.MSIL.Vuvazi.C.2
EmsisoftGen:Heur.MSIL.Vuvazi.C.2 (B)
VIPREGen:Heur.MSIL.Vuvazi.C.2
McAfee-GW-EditionGenericRXAB-EQ!0A928D0AE3A4
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.0a928d0ae3a4f62b
SophosGeneric ML PUA (PUA)
IkarusPUA.Codewall
AviraHEUR/AGEN.1208554
MAXmalware (ai score=81)
MicrosoftBackdoor:MSIL/Bladabindi!rfn
ArcabitTrojan.MSIL.Vuvazi.C.2
GDataGen:Heur.MSIL.Vuvazi.C.2
CynetMalicious (score: 100)
McAfeeGeneric Dropper.agu
MalwarebytesTrojan.Agent
RisingTrojan.Generic/MSIL@AI.100 (RDM.MSIL:tGE6E1f6gb1YA8Hv8gcSMg)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/CodeWall.B!tr
AVGMSIL:GenMalicious-CJF [Trj]
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove MSIL:GenMalicious-CJF [Trj]?

MSIL:GenMalicious-CJF [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment