MSILHeracles.12789 (B) information

Malware Removal

MSILHeracles.12789 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What MSILHeracles.12789 (B) virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to identify MSILHeracles.12789 (B)?

File Info:

name: 3897E1902C7FEF5F4EC0.mlw
path: /opt/CAPEv2/storage/binaries/551e496f42712476a4d8432984111d29ff58e93f3848c45e4b0e6734a5de286d
crc32: 3AFF0FC9
md5: 3897e1902c7fef5f4ec0a6981777ddd4
sha1: 5a42114fc80fa2b00c024d3e92f5810b31ed5c38
sha256: 551e496f42712476a4d8432984111d29ff58e93f3848c45e4b0e6734a5de286d
sha512: 4e534f82e49492377349854f0fffded8c6cd7ca82d79f2f3e65845985c3cbc057cba103300c45bf68af1574c72b1bae045694ffca90de534eae33217d9ce71c1
ssdeep: 98304:Iy29dxNqlVPN8ZkRzi+7DeKBe+Jytz8ECU4Gl7ZizZSrnCCesQxP4n:SrelVPN8ZKzV7D/w+JSCcPuCeFxQn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133363302BBD4D5B3C25224399A097B2279BC3C301B73A667F38C794D96351E1623B7B2
sha3_384: cb9f627ec526581ac8ecd9624061a1ad77bffd944498815d66478ea19668087ddd31a6a13abd90753411970d7e7db85e
ep_bytes: e89a040000e98efeffff3b0d68d64300
timestamp: 2020-03-26 10:02:47

Version Info:

0: [No Data]

MSILHeracles.12789 (B) also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.MSILHeracles.12789
FireEye: Gen:Variant.MSILHeracles.12789
ALYac: Gen:Variant.MSILHeracles.12789
Cylance: Unsafe
Cybereason: malicious.02c7fe
Cyren: W32/S-536dd2d1!Eldorado
Avast: Win32:SpywareX-gen [Trj]
Kaspersky: HEUR:Trojan.MSIL.Agentb.gen
BitDefender: Gen:Variant.MSILHeracles.12789
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Emsisoft: Gen:Variant.MSILHeracles.12789 (B)
GData: Gen:Variant.MSILHeracles.12789
Arcabit: Trojan.MSILHeracles.D31F5
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
MAX: malware (ai score=88)
VBA32: Trojan.MSIL.Agentb
Malwarebytes: Malware.AI.4100313538
APEX: Malicious
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agentb!tr
AVG: Win32:SpywareX-gen [Trj]

How to remove MSILHeracles.12789 (B)?

MSILHeracles.12789 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.