How to remove “MSILHeracles.28878 (B)”?

MSILHeracles.28878 (B) is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSILHeracles.28878 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet

How to identify MSILHeracles.28878 (B)?

File Info:

name: A5A31F043F4E293E2760.mlw
path: /opt/CAPEv2/storage/binaries/18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986
crc32: B2E454AB
md5: a5a31f043f4e293e2760ccb4f209451e
sha1: 81ca6f4f16e8968e789332a6f3a6bf6847ed5fd5
sha256: 18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986
sha512: 19205650a46d3db2eb02ceb060da1297b6b774fa1f08aa3f93e9ed251733bb73094f915e2e68b438364b68a02a5102d9cc83ad890ddafc6a0413adf71fa61ecc
ssdeep: 12288:ef+uRISpxJAYkxssE2z5WZPhmF0kNV1zJTXg+:+lRIEJbkRErZPhsNV1xQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T176D4021906061197C0347E76708F323067FB4E579669DE8E5A9C3EE13E623EA8ED1393
sha3_384: 38e4a2f54c6fa7a963dddac0c5a392a5e7719ea6d3ce33459028e9882329b1494322d3fcb2c5484bbcc7707ed457eb5c
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-29 11:35:30

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Adobe
FileDescription: Adobe Photoshop 2022 Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Adobe Photoshop 2022
ProductVersion: v23.0.0.36 64 Bit
Translation: 0x0000 0x04b0

MSILHeracles.28878 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.MSILHeracles.28878
FireEye: Generic.mg.a5a31f043f4e293e
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
McAfee: RDN/Generic.cf
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0056e5201 )
Alibaba: Trojan:Win32/runner.ali1000123
K7GW: Trojan ( 0056e5201 )
CrowdStrike: win/malicious_confidence_80% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34114.Nm0@amIWkJl
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Androm.uwxm
BitDefender: Gen:Variant.MSILHeracles.28878
NANO-Antivirus: Trojan.Win32.Androm.jirsmq
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Androm.Lndz
Ad-Aware: Gen:Variant.MSILHeracles.28878
Emsisoft: Gen:Variant.MSILHeracles.28878 (B)
TrendMicro: TROJ_GEN.R002C0PL321
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Crypt
GData: Gen:Variant.MSILHeracles.28878
Avira: HEUR/AGEN.1138882
MAX: malware (ai score=85)
Antiy-AVL: Trojan/MSIL.Kryptik
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Backdoor:Win32/Fynloski.M
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.C3511924
ALYac: Gen:Variant.MSILHeracles.28878
Malwarebytes: Backdoor.DarkComet
TrendMicro-HouseCall: TROJ_GEN.R002C0PL321
Yandex: Backdoor.Androm!IdBvxQs3qtc
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: PossibleThreat
AVG: Win32:Trojan-gen
Cybereason: malicious.f16e89
Panda: Trj/GdSda.A

How to remove MSILHeracles.28878 (B)?

MSILHeracles.28878 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.