MSILHeracles.39894 malicious file

MSILHeracles.39894 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the MSILHeracles.39894 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSILHeracles.39894?

File Info:

name: 6309A72BC87BD7621763.mlw
path: /opt/CAPEv2/storage/binaries/0e7d15f06c9b621386dc52bb17ed67a1138ad6586b10a59cdef4e2204ec1e728
crc32: A59143C1
md5: 6309a72bc87bd76217639230cf538ca3
sha1: a33d8f0ad081bd8fb66cabd6a3e07234dc815ae6
sha256: 0e7d15f06c9b621386dc52bb17ed67a1138ad6586b10a59cdef4e2204ec1e728
sha512: 3edab267fcde9e453b8c822607add2c4d79194a863ba1d05292b906611dee6b4c6bb9c52333c10976ba66aad3ab864ead178b7ace01b1ef60ff94347ad1c0c0b
ssdeep: 98304:DPS57h38Pin5FMSQlvQF5aLZOFH9YPChWbJ48t3CrO:DPihMPin5SvQF5aLcHc48tSr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T181163308DBCC5A52FBD56739149701989AFEFB23F522EB1EA50911AC3FA33E419C02D5
sha3_384: c6fbbe732a8f73bf0e11bffd39532081ac20141f40b5a1f18001f397cbf41030411c999401bef717482e36775eba4a8f
ep_bytes: ff2500c09b00feb62947bb167ab9fdab
timestamp: 2077-06-29 14:33:21

Version Info:

Translation: 0x0000 0x04b0
Comments: Ophelia#1000 and Jinor#1000
CompanyName:
FileDescription: Lexia
FileVersion: 1.2
InternalName: Lexia.exe
LegalCopyright: Copyright © 2022
LegalTrademarks:
OriginalFilename: Lexia.exe
ProductName: Lexia
ProductVersion: 1.2
Assembly Version: 1.2.0.0

MSILHeracles.39894 also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Heracles.4!c
MicroWorld-eScan: Gen:Variant.MSILHeracles.39894
McAfee: Artemis!6309A72BC87B
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058dd1c1 )
Alibaba: Packed:Win32/VMProtect.d2ae37f6
K7GW: Trojan ( 0058dd1c1 )
Cybereason: malicious.bc87bd
BitDefenderTheta: Gen:NN.ZemsilF.34582.@x0@aClA5Cg
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.VMProtect.ACR
TrendMicro-HouseCall: TROJ_GEN.R002H09H722
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.GenericML.xnet
BitDefender: Gen:Variant.MSILHeracles.39894
Avast: MalwareX-gen [Trj]
Ad-Aware: Gen:Variant.MSILHeracles.39894
Emsisoft: Gen:Variant.MSILHeracles.39894 (B)
F-Secure: Heuristic.HEUR/AGEN.1226420
VIPRE: Gen:Variant.MSILHeracles.39894
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.6309a72bc87bd762
Sophos: Generic PUA KD (PUA)
APEX: Malicious
GData: Gen:Variant.MSILHeracles.39894
Avira: HEUR/AGEN.1226420
MAX: malware (ai score=83)
Antiy-AVL: Trojan[Packed]/Win32.VMProtect
Arcabit: Trojan.MSILHeracles.D9BD6
ZoneAlarm: UDS:Trojan.Win32.GenericML.xnet
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
ALYac: Gen:Variant.MSILHeracles.39894
Malwarebytes: Malware.AI.1267943197
Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:jmFc99hPxfRR/FTKAkA0Ow)
Ikarus: Trojan.Win32.VMProtect
Fortinet: PossibleThreat
AVG: MalwareX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSILHeracles.39894?

MSILHeracles.39894 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.