Ser.MSILHeracles.270 (B) removal

Ser.MSILHeracles.270 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ser.MSILHeracles.270 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Created a process from a suspicious location

How to identify Ser.MSILHeracles.270 (B)?

File Info:

name: 6FE4133180EDFD3B0B71.mlw
path: /opt/CAPEv2/storage/binaries/827e9f64d3e0b079a67ec2f8a85c1ac06dd7c5e3dddb0cecdde61ef211f2e641
crc32: 2A673B8E
md5: 6fe4133180edfd3b0b719910008d88a3
sha1: d820137e82b55ecdc22f2d9d258f8d3af80cc9a3
sha256: 827e9f64d3e0b079a67ec2f8a85c1ac06dd7c5e3dddb0cecdde61ef211f2e641
sha512: 3adfe8d32c6dc157831df9f206ceefdfaf8f4a4a4ac0bea31bdf812f1dbe1576bf3cd22c6e48ffd9e503dcceb72e48da5f025d3e79fc990ebe41e9246f223688
ssdeep: 196608:C8fgSfCTg68z0yYCmJuf1X0dssYzXZjL:C8f2g68z8sAI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T178A63322F0075D81C5A32631C60DB7543EFA6E209BDB5D596900BBA6DABB3C0FAD07D1
sha3_384: 21663720854e8b03aa841a0d4b2e1d26dc9a5654d3ffd97b452bff2e45fcde3727d0d123eb0d4e4e667d6f9f2c6aae68
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-01-01 19:29:43

Version Info:

FileDescription: Awvs 12.x 通杀破解补丁 Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: Awvs 12.x 通杀破解补丁
LegalCopyright: 版权所有 (C) 2018
OriginalFilename: Awvs 12.x 通杀破解补丁.EXE
ProductName: Awvs 12.x 通杀破解补丁 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Ser.MSILHeracles.270 (B) also known as:

Lionic: Trojan.Win32.RRAT.4!c
MicroWorld-eScan: Gen:Variant.Ser.MSILHeracles.270
FireEye: Generic.mg.6fe4133180edfd3b
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Trojan.MSIL.Agent
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Trojan:Win32/Bladabindi.058c324c
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: Trojan.Dropper!g4
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.EHR
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.RRAT.ru
BitDefender: Gen:Variant.Ser.MSILHeracles.270
NANO-Antivirus: Trojan.Win32.MSILPerseus.gtooay
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Ser.MSILHeracles.270
Emsisoft: Gen:Variant.Ser.MSILHeracles.270 (B)
Comodo: Malware@#2pxs8w2j36pj2
DrWeb: Trojan.DownLoader32.45816
Zillya: Dropper.Agent.Win32.412218
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.CoinMiner
GData: Gen:Variant.Ser.MSILHeracles.270
Jiangmin: Trojan.MSIL.pdlv
Webroot: W32.RRAT.ru
Avira: TR/Dldr.Agent.ytsfa
MAX: malware (ai score=84)
Microsoft: Trojan:MSIL/Bladabindi
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4804162
Acronis: suspicious
McAfee: Artemis!6FE4133180ED
VBA32: Trojan.Tiggre
Tencent: Win32.Trojan.Rrat.Wurk
Yandex: Trojan.RRAT!QkDqjUNBeSA
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.74242025.susgen
Fortinet: MSIL/Agent.FYL!tr.dldr
BitDefenderTheta: Gen:NN.ZemsilF.34666.@t0@aCh0!gpb
AVG: Win32:Malware-gen
Cybereason: malicious.180edf
Panda: Trj/GdSda.A

How to remove Ser.MSILHeracles.270 (B)?

Ser.MSILHeracles.270 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.