What is “MSILPerseus.172506 (B)”?

MSILPerseus.172506 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the MSILPerseus.172506 (B) virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Looks up the external IP address
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

ipinfo.io

How to identify MSILPerseus.172506 (B)?


File Info:

crc32: 8B997577
md5: 9453866dc9e10226668e7e42e9266c3d
name: upload_file
sha1: 8a0b2f158f8815ee6db019ea0be793a00b4d1124
sha256: 4458232e85617e2cad19adca2e9f65e1b4eb890733f81d05924fc92c6fc4d341
sha512: de40aafa0dd2b5553ed4b17bf42958c9681abf4cb13ac8f8e51590dd419670adafd162ca86df8af391ca783ea69caea4786861f05a61b8cc43478ce9a99aaea5
ssdeep: 3072:+rm2Hn/NYaUDpO/eOIy1ogqFu/M+a6T74eFkx95jsY8O5KlDm:+rfnlYX6Iy1Pt/M+aOBFM9qOQU
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © 2019
Assembly Version: 1.0.0.0
InternalName: SeafkoAgent.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
LegalTrademarks: SAEFKO
Comments: Windows Explorer
ProductName: Windows Explorer
ProductVersion: 1.0.0.0
FileDescription: Windows Explorer
OriginalFilename: SeafkoAgent.exe

MSILPerseus.172506 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.MSILPerseus.172506
FireEye: Generic.mg.9453866dc9e10226
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
Qihoo-360: Win32/Trojan.Spy.67f
McAfee: GenericRXKU-OL!9453866DC9E1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 00562f821 )
BitDefender: Gen:Variant.MSILPerseus.172506
K7GW: Backdoor ( 005422d41 )
CrowdStrike: win/malicious_confidence_100% (W)
TrendMicro: Backdoor.MSIL.IRCBOT.SMF
Cyren: W32/MSIL_Perseus.P.gen!Eldorado
Symantec: Trojan Horse
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba: Backdoor:MSIL/IRCbot.71310a2c
NANO-Antivirus: Trojan.Win32.IRCBot.gehmnp
SUPERAntiSpyware: Backdoor.IRCBot/Variant
Ad-Aware: Gen:Variant.MSILPerseus.172506
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/BAS.Samca.pgmex
DrWeb: Trojan.DownLoader27.33680
Invincea: Mal/Generic-S
McAfee-GW-Edition: GenericRXKU-OL!9453866DC9E1
Emsisoft: Gen:Variant.MSILPerseus.172506 (B)
Ikarus: Trojan.MSIL.IRCBot
Jiangmin: TrojanSpy.MSIL.aflz
Webroot: W32.Trojan.Gen
Avira: TR/BAS.Samca.pgmex
Antiy-AVL: Trojan[Spy]/MSIL.Stealer
Microsoft: Backdoor:MSIL/IRCbot.L!bit
Arcabit: Trojan.MSILPerseus.D2A1DA
ZoneAlarm: HEUR:Trojan-Spy.MSIL.Stealer.gen
GData: Gen:Variant.MSILPerseus.172506
Cynet: Malicious (score: 90)
AhnLab-V3: Trojan/Win32.MSIL.R293405
BitDefenderTheta: Gen:NN.ZemsilF.34282.jm1@aCB6Gmk
ALYac: Gen:Variant.MSILPerseus.172506
MAX: malware (ai score=84)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Backdoor.IRCBot
Zoner: Trojan.Win32.86110
ESET-NOD32: MSIL/IRCBot.GB
TrendMicro-HouseCall: Backdoor.MSIL.IRCBOT.SMF
Rising: Backdoor.Saefko!1.C93F (CLASSIC)
Yandex: Trojan.IRCBot!BjGgAJFZolI
SentinelOne: DFI – Malicious PE
Fortinet: MSIL/IRCBot.GB!tr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen

How to remove MSILPerseus.172506 (B)?

MSILPerseus.172506 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
