Troj/MSIL-EBL removal instruction

The Troj/MSIL-EBL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Troj/MSIL-EBL virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Troj/MSIL-EBL?


File Info:
name: 5E801BCD7D699FB99B82.mlw
path: /opt/CAPEv2/storage/binaries/6be8cf6d15192cfb81aab3dc313b470eaeb96c178c65be24560568de499003b6
crc32: 18CB79A0
md5: 5e801bcd7d699fb99b82ad7faed6990e
sha1: 37a516aece3151929775f80c6ee05434641f598b
sha256: 6be8cf6d15192cfb81aab3dc313b470eaeb96c178c65be24560568de499003b6
sha512: efcb66b66de1f800d98d699cc093d7b2d342a26b90db41c3d7ebe8ded0c3e9f8503adb58af449cac7954250dea129022b3f8a67827f4a71434f67eb24608ae6a
ssdeep: 98304:YNEgJxq6YjToC22yCJ6uBCsO1UoNJfP3cxL6s7n:YNEyxXYXP22jPHU3fP3C62n
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14D3623BE23943798C42E88746133FE4AB3B6955F06E5C0EDB6C736C07B67611DA02B46
sha3_384: 519a66b4ae9b845eeb20a24ea0c9fdbf7adf388cceb5dcb102c6e49e2f7f76dde81fee1a82a95d6e50e308297e9fc660
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-08-30 21:57:25

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 1.0.0.0
InternalName: Crypter.exe
LegalCopyright:  
OriginalFilename: Crypter.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Troj/MSIL-EBL also known as:

Bkav	W32.AIDetectMalware.CS
MicroWorld-eScan	IL:Trojan.MSILZilla.12453
FireEye	Generic.mg.5e801bcd7d699fb9
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	IL:Trojan.MSILZilla.12453
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:MSIL/Nagoot.f7db9297
K7GW	Trojan ( 005208071 )
BitDefenderTheta	Gen:NN.ZemsilF.36802.@p0@aqVvBic
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Injector.IKV
APEX	Malicious
ClamAV	Win.Dropper.Nanocore-10027416-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.12453
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Generic.Ckjl
Sophos	Troj/MSIL-EBL
Baidu	MSIL.Trojan.Injector.l
F-Secure	Trojan.TR/Inject.sbbeiko
DrWeb	Trojan.DownLoader12.46082
VIPRE	IL:Trojan.MSILZilla.12453
Trapmine	suspicious.low.ml.score
Emsisoft	IL:Trojan.MSILZilla.12453 (B)
SentinelOne	Static AI – Malicious PE
Varist	W32/Nagoot.A.gen!Eldorado
Avira	TR/Inject.sbbeiko
Microsoft	Trojan:MSIL/Nagoot.A
Xcitium	TrojWare.MSIL.Injector.JLU@7dud9s
Arcabit	IL:Trojan.MSILZilla.D30A5
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	IL:Trojan.MSILZilla.12453
Google	Detected
AhnLab-V3	Backdoor/Win32.Agent.C112640
McAfee	GenericRXAG-IX!5E801BCD7D69
MAX	malware (ai score=81)
Cylance	unsafe
Panda	Trj/CI.A
Rising	Trojan.Injector!8.C4 (CLOUD)
Ikarus	Trojan.MSIL.Nagoot
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.IFP!tr
AVG	Win32:CrypterX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Troj/MSIL-EBL?

Troj/MSIL-EBL removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X