MSILPerseus.212137 removal guide

MSILPerseus.212137 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSILPerseus.212137 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify MSILPerseus.212137?


File Info:

name: 2D871FDCD22DF91991B8.mlw
path: /opt/CAPEv2/storage/binaries/5bb127f1ee2a2421b27250d62cf23e7ccd8a9f320c3722759164fd311b5bc2d3
crc32: 7F453B31
md5: 2d871fdcd22df91991b85e5e04227692
sha1: 096e33fdb1dfa5737d8c4def138609889e060db5
sha256: 5bb127f1ee2a2421b27250d62cf23e7ccd8a9f320c3722759164fd311b5bc2d3
sha512: d97c51961789e1f6acbfe2d8787cea7589bf15c9e4c5cb32476ecb02674dda041a742651590ebb7bb7ba0f9d7840f2e90c6b8664147ef88e6d4b073ebc6fbeb0
ssdeep: 3072:0eeZCn6amtt7bvyTYX7gl0IpaeeZCn6amtt7bvyTYX7gl0Ip1:0eeY67tnEhpaeeY67tnEhp1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C924E783768B8710D55955B5C0EF493507E6BFC37633E28A3E4C77994E823A39E80B89
sha3_384: 85dc050b514b70567affac24d3fab14e12edf27976b990bcf08c60e46071658ce53c3cf1cb017eab41c9fc72b0198dc4
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-01-12 15:52:54

Version Info:

Translation: 0x0000 0x04b0
FileDescription: OmeGa_2
FileVersion: 1.0.0.0
InternalName: OmeGa_2.exe
LegalCopyright: Copyright © 2014
OriginalFilename: OmeGa_2.exe
ProductName: OmeGa_2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSILPerseus.212137 also known as:

Bkav: W32.AIDetectNet.01
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.MSILPerseus.212137
FireEye: Generic.mg.2d871fdcd22df919
McAfee: GenericRXHH-CX!2D871FDCD22D
Cylance: Unsafe
VIPRE: Gen:Variant.MSILPerseus.212137
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.cd22df
VirIT: Backdoor.Win32.Bladabindi.JEM
Cyren: W32/MSIL_Injector.AZ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Injector.HEE
APEX: Malicious
ClamAV: Win.Trojan.Generickd-1843
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.MSILPerseus.212137
NANO-Antivirus: Trojan.Win32.Dwn.dtdxvv
Avast: Win32:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b38d06
Ad-Aware: Gen:Variant.MSILPerseus.212137
Emsisoft: Gen:Variant.MSILPerseus.212137 (B)
Comodo: TrojWare.MSIL.Agent.db@5j43hg
DrWeb: Trojan.DownLoader12.8719
Zillya: Trojan.Injector.Win32.270938
McAfee-GW-Edition: GenericRXHH-CX!2D871FDCD22D
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.MSILPerseus.212137
Webroot: W32.Malware.gen
Avira: HEUR/AGEN.1203849
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:MSIL/Bladabindi!rfn
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Bladabindi.R137605
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34582.nq3@aOSa1Ij
ALYac: Gen:Variant.MSILPerseus.212137
MAX: malware (ai score=82)
VBA32: TrojanDropper.FrauDrop
Malwarebytes: Trojan.Injector
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:j64KbLiHS/eI7jqVA8qTTw)
Yandex: Trojan.DR.FrauDrop!zV0QtC/SjhE
Ikarus: Trojan.Dropper
Fortinet: MSIL/Kryptik.JXB!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSILPerseus.212137?

MSILPerseus.212137 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
