Should I remove “MSILPerseus.91413”?

MSILPerseus.91413 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSILPerseus.91413 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Bitdefender Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Detects VMware through the presence of a registry key

How to identify MSILPerseus.91413?


File Info:

name: 0631DBC507E9E84D8C37.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-03-23 17:16:49

Version Info:

Translation: 0x0000 0x04b0
FileDescription: currently
FileVersion: 1.0.0.0
InternalName: currently.exe
LegalCopyright: Copyright © 2014
OriginalFilename: currently.exe
ProductName: currently
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSILPerseus.91413 also known as:

Antivirus engine        Detection name
Bkav                    W32.AIDetectNet.01
Lionic                  Trojan.Win32.Inject.4!c
Elastic                 malicious (high confidence)
MicroWorld-eScan        Gen:Variant.MSILPerseus.91413
FireEye                 Generic.mg.0631dbc507e9e84d
ALYac                   Gen:Variant.MSILPerseus.91413
Cylance                 Unsafe
Zillya                  Trojan.Inject.Win32.71735
K7AntiVirus             Trojan ( 700000121 )
Alibaba                 Trojan:MSIL/RegRun.f7da25ca
K7GW                    Trojan ( 700000121 )
Cybereason              malicious.507e9e
BitDefenderTheta        Gen:NN.ZemsilF.34786.lm0@aqiL1Le
SymantecMobileInsight   AppRisk:Generisk
Symantec                ML.Attribute.HighConfidence
ESET-NOD32              a variant of MSIL/Injector.DDV
APEX                    Malicious
Paloalto                generic.ml
BitDefender             Gen:Variant.MSILPerseus.91413
NANO-Antivirus          Trojan.Win32.Zbot.cwxreh
Ad-Aware                Gen:Variant.MSILPerseus.91413
Sophos                  ML/PE-A + Troj/MSIL-QE
VIPRE                   Gen:Variant.MSILPerseus.91413
TrendMicro              TROJ_NEUREVT.RUE
McAfee-GW-Edition       Trojan-FDWY!0631DBC507E9
Trapmine                malicious.high.ml.score
Emsisoft                Gen:Variant.MSILPerseus.91413 (B)
SentinelOne             Static AI – Malicious PE
Jiangmin                TrojanSpy.Zbot.edwl
Webroot                 W32.Malware.Gen
Avira                   HEUR/AGEN.1235349
Antiy-AVL               Trojan/Generic.ASMalwS.77
Kingsoft                Win32.Troj.Inject.kg.(kcloud)
Microsoft               Trojan:Win32/Neurevt.AB
GData                   Gen:Variant.MSILPerseus.91413
Cynet                   Malicious (score: 100)
Acronis                 suspicious
McAfee                  Trojan-FDWY!0631DBC507E9
MAX                     malware (ai score=82)
VBA32                   Trojan.Inject
TrendMicro-HouseCall    TROJ_NEUREVT.RUE
Tencent                 Win32.Trojan.Inject.Dkr
Yandex                  Trojan.Inject!W98h9B6seVs
TACHYON                 Trojan/W32.DN-Inject.184832.C
MaxSecure               Trojan.Malware.300983.susgen
Fortinet                MSIL/Injector.DIO!tr
Panda                   Trj/CI.A
CrowdStrike             win/malicious_confidence_90% (W)

How to remove MSILPerseus.91413?

MSILPerseus.91413 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
