What is “MSILHeracles.34946”?

The MSILHeracles.34946 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSILHeracles.34946 virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the OrcusRAT malware family

How to determine MSILHeracles.34946?


File Info:
name: 281C616454214B87BD42.mlw
path: /opt/CAPEv2/storage/binaries/4073df9884b3d05897a50ba94379491177017a6fed2effe687f43c742ee0a356
crc32: 734E3051
md5: 281c616454214b87bd42d26e925637c8
sha1: 83a46765d3e86b3812ea814c6ed868a08aec5347
sha256: 4073df9884b3d05897a50ba94379491177017a6fed2effe687f43c742ee0a356
sha512: b7338c48923ca6efd9be3958cb16f5953745b64753ef61af491f01cff286969dc39dc83a1ca73fbaa54597338d8eaf557e98ebf0c1eb019d3a810836d1e53237
ssdeep: 49152:oEOOQrravIqZVFcUq9jIybPmribQIHpgDc1Uwj7wGCRy99:o8emri/JgDxseRy9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C995DF51AB61CE07C3CA2B3AA567852C0BB1D552B31AF74F1F7C24BC6C632B64A053D6
sha3_384: ee69de006750ec6cf55c39caad839694fea8f326c42564d5aeca1094a7d942de4dae779ffa56d85f21ab1a0116d695e9
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-27 10:12:27

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: Orcus.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: Orcus.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSILHeracles.34946 also known as:

Bkav	W32.AIDetectNet.01
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
FireEye	Generic.mg.281c616454214b87
ALYac	Gen:Variant.MSILHeracles.34946
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005069291 )
K7GW	Trojan ( 005069291 )
Cybereason	malicious.454214
Cyren	W32/MSIL_Injector.KK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Orcusrat.G
APEX	Malicious
ClamAV	Win.Malware.Wacatac-9835217-0
BitDefender	Gen:Variant.MSILHeracles.34946
MicroWorld-eScan	Gen:Variant.MSILHeracles.34946
Ad-Aware	Gen:Variant.MSILHeracles.34946
Emsisoft	Backdoor.Orcus (A)
F-Secure	Heuristic.HEUR/AGEN.1203178
VIPRE	Gen:Variant.MSILHeracles.34946
TrendMicro	BKDR_ORCUSRAT.SM
McAfee-GW-Edition	GenericRXNP-MP!281C61645421
Sophos	Mal/OrcusRAT-A
Ikarus	Trojan.MSIL.Agent
GData	Gen:Variant.MSILHeracles.34946
Jiangmin	Trojan.Generic.cthay
Avira	HEUR/AGEN.1203178
Antiy-AVL	Trojan/Generic.ASCommon.250
Arcabit	Trojan.MSILHeracles.D8882
Microsoft	Backdoor:MSIL/Orcus.A!bit
Google	Detected
AhnLab-V3	Trojan/Win32.RL_Generic.C4291574
Acronis	suspicious
McAfee	GenericRXNP-MP!281C61645421
MAX	malware (ai score=86)
VBA32	Malware-Cryptor.MSIL.AgentTesla.Heur
Malwarebytes	Backdoor.Orcus
TrendMicro-HouseCall	BKDR_ORCUSRAT.SM
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.ASJ!tr
BitDefenderTheta	Gen:NN.ZemsilF.34606.5n0@aaC98ao

How to remove MSILHeracles.34946?

MSILHeracles.34946 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X