MSILHeracles.142813 (B) removal guide

The MSILHeracles.142813 (B) sample is rated as malicious by many security vendors (see the detection list below). When this infection is active, you may notice unwanted processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What MSILHeracles.142813 (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the embedded PE malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify MSILHeracles.142813 (B)?

File Info:

name: 7B66C054FE139B40A9F3.mlw
path: /opt/CAPEv2/storage/binaries/3c7f2605fcb3c7f90b7d0436d6d93ba8a227776cc3a1c079a6577a4453c5a53c
crc32: 964BADD7
md5: 7b66c054fe139b40a9f362cc8e914df3
sha1: af3d2bc78f2ffe0c85e826fe35ac06f22fe62d82
sha256: 3c7f2605fcb3c7f90b7d0436d6d93ba8a227776cc3a1c079a6577a4453c5a53c
sha512: 70909fef9f6d642fa4eb565c20e133bfb2cfb3dd65af01a8387716dac965f2ae2a95b545e52852887ad30cc7d5d1e0410a28bdf7e0348454f8875103988e929b
ssdeep: 6144:J1sA6fnlk/yk3laiga7Lh9za0HBzJVJJrRHkgwpVWQC4OGMozRy8m:LinQf3Vga7Lh7zPcVWQNso3m
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T170A4F10175D5C032E2BF1B385C70A66559BEBAB12F74C98FA75C852E4EB82C0D724B63
sha3_384: e0191a5b362c6fa1f2b56abad83c01b11f1513354825bd8ce23040544408765ade26bf96e7fcc1786d37b4947a2142f3
ep_bytes: 558bec837d0c017505e8a3020000ff75
timestamp: 2017-11-18 21:59:06

Version Info:

Translation: 0x0000 0x04e4
Comments: C:WiXTesttiho_exe.cs
FileDescription: DTF Self-Extracting Custom Action
FileVersion: 3.11.1.2318
InternalName: SfxCA
LegalCopyright: Copyright (c) .NET Foundation and contributors.  All rights reserved.
OriginalFilename: SfxCA.dll
ProductVersion: 3.11.1.2318
Assembly Version: 0.0.0.0
CompanyName: .NET Foundation
ProductName: Windows Installer XML Toolset

MSILHeracles.142813 (B) also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.MSIL.Downloader.073am9@bSlaRBp
FireEye: Gen:Trojan.MSIL.Downloader.073am9@bSlaRBp
K7GW: Trojan-Downloader ( 005b11251 )
K7AntiVirus: Trojan-Downloader ( 005b11251 )
Kaspersky: UDS:Trojan-Downloader.MSIL.Agent.gen
BitDefender: Gen:Trojan.MSIL.Downloader.073am9@bSlaRBp
Avast: Win32:DropperX-gen [Drp]
Emsisoft: Gen:Variant.MSILHeracles.142813 (B)
VIPRE: Gen:Trojan.MSIL.Downloader.073am9@bSlaRBp
Ikarus: Trojan.Win32.Seheq
Google: Detected
Varist: W32/MSIL_Agent.HKL.gen!Eldorado
Antiy-AVL: GrayWare/Win32.Wacapew
Arcabit: Trojan.MSILHeracles.D22DDD
ZoneAlarm: HEUR:Trojan-Downloader.MSIL.Agent.gen
GData: Gen:Variant.MSILHeracles.142813
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C5559966
ALYac: Gen:Variant.MSILHeracles.142813
MAX: malware (ai score=88)
Malwarebytes: Trojan.Downloader.MSIL
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H07BK24
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.QGE!tr
AVG: Win32:DropperX-gen [Drp]

How to remove MSILHeracles.142813 (B)?

MSILHeracles.142813 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.