Troj/MSIL-NWC (file analysis)

Troj/MSIL-NWC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/MSIL-NWC virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Network activity detected but not expressed in API logs
  • Checks the CPU name from registry, possibly for anti-virtualization

How to identify Troj/MSIL-NWC?


File Info:

crc32: 7F29DE9A
md5: 80abad664980992f868eff5580a69e20
name: elb.exe
sha1: 499780f6fa70d1c07eb3e2ef2e3392e6570cdf8b
sha256: 21ecf062b5e13395aa71ab9dc6942919483c9355eb3725641db262dd82551819
sha512: 7ebf7de2518bc3352d5717162439270e88735eb1a5130a8e11cb755c2be7392bb133d8d1a8fdac67f9d1f146cf51d68ed5ca5372d60ab75c327779f2ee3bf1e7
ssdeep: 6144:1XFnC4R1jBJuVdxbaC+0fpwlIPkGV6/FNW3b6oCTV:1VC4VJCxbagBPo/5oCTV
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: WkkgJWbauZaTEuMhPbaMUdDpFQsOwWM.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: WkkgJWbauZaTEuMhPbaMUdDpFQsOwWM.exe

Troj/MSIL-NWC also known as:

MicroWorld-eScan: Gen:Variant.Razy.577898
FireEye: Generic.mg.80abad664980992f
Qihoo-360: Generic/Trojan.PSW.a32
ALYac: Spyware.AgentTesla
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.MSIL.Agensla.i!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0056069a1 )
BitDefender: Gen:Variant.Razy.577898
K7GW: Trojan ( 0056069a1 )
Cybereason: malicious.649809
TrendMicro: Backdoor.MSIL.REMCOS.THCOBBO
BitDefenderTheta: AI:Packer.730A9B3420
Cyren: W32/MSIL_Troj.RC.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Autorun.Spy.Agent.DF
TrendMicro-HouseCall: TrojanSpy.Win32.NEGASTEAL.SMTH
Avast: Win32:FileinfectorX-gen [Trj]
ClamAV: Win.Packed.Razy-7426372-0
GData: Gen:Variant.Razy.577898
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.a
Alibaba: Trojan:Win32/thief.ali2000020
NANO-Antivirus: Trojan.Win32.Agensla.hdhxxt
ViRobot: Trojan.Win32.Z.Razy.297984.H
Rising: Spyware.AgentTesla!1.B864 (CLOUD)
Ad-Aware: Gen:Variant.Razy.577898
Sophos: Troj/MSIL-NWC
F-Secure: Trojan.TR/Spy.Gen8
DrWeb: Trojan.PWS.AgenslaNET.1
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
SentinelOne: DFI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Trojan-Spy.Agent (A)
APEX: Malicious
F-Prot: W32/MSIL_Troj.RC.gen!Eldorado
Avira: TR/Spy.Gen8
Antiy-AVL: Trojan[PSW]/MSIL.Agensla
Endgame: malicious (high confidence)
Arcabit: Trojan.Razy.D8D16A
AhnLab-V3: Trojan/Win32.AgentTesla.C3450450
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.a
Microsoft: Backdoor:MSIL/Remcos!MTB
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=100)
Malwarebytes: Spyware.PasswordStealer
Panda: Trj/GdSda.A
Tencent: Win32.Trojan.Spy.Dzjv
Yandex: Worm.Autorun!t8PwzWqzg00
Ikarus: Worm.MSIL.Autorun
eGambit: Unsafe.AI_Score_100%
Fortinet: MSIL/Agent.AES!tr.spy
AVG: Win32:FileinfectorX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Troj/MSIL-NWC?

Troj/MSIL-NWC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
