MSILHeracles.24398 removal instruction

MSILHeracles.24398 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the MSILHeracles.24398 virus do?

  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify MSILHeracles.24398?

File Info:

name: CB3C9CD9A7B528AD846D.mlw
path: /opt/CAPEv2/storage/binaries/eb3b8e3ea34b8aa37e1cc660dcaec20b2df22961d7f86d1fec8b92c82e1f5a75
crc32: CD20B8F6
md5: cb3c9cd9a7b528ad846d25d6655bb2cc
sha1: cdd8b1ce8acb3e3935ad63c3db36c4a0ddc69724
sha256: eb3b8e3ea34b8aa37e1cc660dcaec20b2df22961d7f86d1fec8b92c82e1f5a75
sha512: fb62dc9667fb05973dbef9e7a301a383aaf189c43b390ecd015f5254feedc846ffa07dd340aeb142c5dcf834043a4d1eba42e291ea1d16bc41831c41f7ee537b
ssdeep: 24576:VGFvCCgszhjFTDk6y8EF7eUiY/jPvkt96VfNoKbw9AIClCrRXSjHm4IcWiR+rvQQ:0FvBdhc8E5ejIvKwfBbkbqCr0jHm4I9b
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A36523105BB9FA5FED453F3CB5A2B424E5F31F740A29A8BBD8CD326E25312D1065243A
sha3_384: 9edd2d34981fa065e991511fa022c7e6640d7763c532876303ab9f4142805c6073f1f74a1ae9b1d3a0f5a78e114b6c09
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-08-18 03:32:38

Version Info:

Translation: 0x0000 0x04b0
Comments: https://github.com/TheC0mpany/GrowtopiaStealer
CompanyName: github.com/TheC0mpany
FileDescription: GrowtopiaStealer
FileVersion: 1.0.0.0
InternalName: GrowtopiaStealer.exe
LegalCopyright: Copyright © 2021
LegalTrademarks: TheC0mpany
OriginalFilename: GrowtopiaStealer.exe
ProductName: GrowtopiaStealer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSILHeracles.24398 is also known as:

Lionic: Trojan.Win32.Heracles.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.MSILHeracles.24398
FireEye: Generic.mg.cb3c9cd9a7b528ad
McAfee: Artemis!CB3C9CD9A7B5
Cylance: Unsafe
Zillya: Trojan.Anagra.Win32.378
Sangfor: Backdoor.Win32.Bladabindi.ml
K7AntiVirus: Password-Stealer ( 0057fff91 )
Alibaba: TrojanPSW:MSIL/Anagra.2000588c
K7GW: Password-Stealer ( 0057fff91 )
Cybereason: malicious.e8acb3
BitDefenderTheta: Gen:NN.ZemsilF.34084.Dn0@auP0z2k
Cyren: W32/Trojan.GWT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/PSW.Discord.YZ
TrendMicro-HouseCall: TROJ_GEN.R002C0WHP21
Paloalto: generic.ml
Kaspersky: Trojan-PSW.MSIL.Anagra.hv
BitDefender: Gen:Variant.MSILHeracles.24398
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.MSILHeracles.24398
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0WHP21
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.MSILHeracles.24398 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.MSILHeracles.24398
eGambit: Unsafe.AI_Score_99%
Avira: TR/PSW.Discord.qmstw
MAX: malware (ai score=88)
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4605984
Malwarebytes: Spyware.PasswordStealer.Growtopia
APEX: Malicious
Ikarus: Trojan.Agent
MaxSecure: Trojan.Malware.103970628.susgen
Fortinet: MSIL/Discord.YZ!tr.pws
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove MSILHeracles.24398?

MSILHeracles.24398 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment