MSILPerseus.148001 malicious file

The MSILPerseus.148001 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSILPerseus.148001 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Exhibits behavior characteristic of Pony malware
Collects information about installed applications
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients

Related domains:

z.whorecord.xyz

a.tomx.xyz

myp0nysite.ru

How to determine MSILPerseus.148001?


File Info:
crc32: C22ACA8B
md5: f8958a839b9672f687b65c8db2c8725c
name: F8958A839B9672F687B65C8DB2C8725C.mlw
sha1: f1d895220dab14fde1037788dacb17422b4b8b14
sha256: 02e6bcc6ba8a559c4d793920137903defae35ab8d32e4bc9b2f2068698a5e1db
sha512: 4cad07a7786f3501a45e0a3b3a4fd58d4c994aef9784e845d3512e2ae97441d90f9dce0d335389f1e9f4f945b4ad999ac554e975bd6cde9fdaef016bf0a116bc
ssdeep: 3072:6ouWZs4SROIXNZkLt3kysNdfbSIs4En8:64SROmN6Lt3ky8Vsln
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2018
Assembly Version: 1.0.0.0
InternalName: Tulfai.exe
FileVersion: 1.0.0.0
ProductName: Tulfai
ProductVersion: 1.0.0.0
FileDescription: Tulfai
OriginalFilename: Tulfai.exe

MSILPerseus.148001 also known as:

K7AntiVirus	Trojan ( 0052aed51 )
Lionic	Trojan.Win32.Generic.l!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.MSILPerseus.148001
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.1378603
Sangfor	Trojan.Win32.Agent.nil
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Trojan ( 0052aed51 )
Cybereason	malicious.39b967
Cyren	W32/Trojan.HVQY-7582
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.NHX
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
Kaspersky	HEUR:Trojan-Spy.Win32.Generic
BitDefender	Gen:Variant.MSILPerseus.148001
NANO-Antivirus	Trojan.Win32.Udtuu.ezcrgh
MicroWorld-eScan	Gen:Variant.MSILPerseus.148001
Tencent	Win32.Trojan-spy.Generic.Eeqv
Ad-Aware	Gen:Variant.MSILPerseus.148001
Sophos	Mal/Generic-S + Troj/MSIL-LHO
Comodo	Malware@#2r9sgw4kh9rso
BitDefenderTheta	Gen:NN.ZemsilF.34266.im0@aiIg3Yb
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_FAREIT.CBQ
FireEye	Generic.mg.f8958a839b9672f6
Emsisoft	Gen:Variant.MSILPerseus.148001 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanSpy.Generic.adm
Avira	HEUR/AGEN.1118528
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.250D216
Microsoft	Backdoor:Win32/Bladabindi!ml
Arcabit	Trojan.MSILPerseus.D24221
GData	Gen:Variant.MSILPerseus.148001
AhnLab-V3	Trojan/Win32.CoinMiner.C2434331
McAfee	Packed-FBZ!F8958A839B96
MAX	malware (ai score=98)
Malwarebytes	MachineLearning/Anomalous.96%
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TSPY_FAREIT.CBQ
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.NHX!tr
AVG	Win32:MalwareX-gen [Trj]
Paloalto	generic.ml

How to remove MSILPerseus.148001?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

MSILPerseus.148001 malicious file