Trojan-Dropper.MSIL.Addrop.csx (file analysis)

Trojan-Dropper.MSIL.Addrop.csx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Dropper.MSIL.Addrop.csx virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify Trojan-Dropper.MSIL.Addrop.csx?


File Info:

name: 91B6F8D1E89F560F2469.mlw
path: /opt/CAPEv2/storage/binaries/006115d132a11a734c6914fc9a36ed4a7da432702f1dcf88e3e8bc6f6be8d244
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: GPA Setup
FileVersion:
LegalCopyright:
ProductName: GPA
ProductVersion: 2.0.2
Translation: 0x0000 0x04b0

Trojan-Dropper.MSIL.Addrop.csx also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.MSIL.Addrop.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.40932281
FireEye: Trojan.GenericKD.40932281
ALYac: Trojan.GenericKD.40932281
Cylance: Unsafe
VIPRE: Trojan.GenericKD.40932281
Sangfor: Trojan.Win32.Skeeyah.A
CrowdStrike: win/grayware_confidence_90% (W)
Alibaba: TrojanDropper:Win32/Addrop.579d3075
K7GW: Trojan-Downloader ( 00519ebe1 )
K7AntiVirus: Trojan-Downloader ( 00519ebe1 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.DRY
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Score-6842785-0
Kaspersky: Trojan-Dropper.MSIL.Addrop.csx
BitDefender: Trojan.GenericKD.40932281
Avast: Win32:Trojan-gen
Tencent: Msil.Trojan-dropper.Addrop.Htby
Ad-Aware: Trojan.GenericKD.40932281
Sophos: Mal/Generic-S
Comodo: Malware@#iqhnate0nz15
DrWeb: Adware.WizzMonetize.1
Zillya: Trojan.Agent.Win32.1037025
TrendMicro: TROJ_GEN.R002C0DFR22
McAfee-GW-Edition: BehavesLike.Win32.Dropper.jc
Emsisoft: Trojan.GenericKD.40932281 (B)
Ikarus: Trojan-Downloader.Win32.Agent
GData: Trojan.GenericKD.40932281
Jiangmin: AdWare.MSIL.lfrt
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1219018
MAX: malware (ai score=100)
ViRobot: Trojan.Win32.Z.Qhost.693765
Microsoft: Trojan:Win32/Skeeyah.A!bit
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.Agent.R276298
McAfee: Artemis!91B6F8D1E89F
VBA32: TrojanDropper.MSIL.Addrop
Malwarebytes: Adware.Csdimonetize
TrendMicro-HouseCall: TROJ_GEN.R002C0DFR22
Rising: Trojan.Injector!1.DF63 (CLASSIC)
Yandex: Trojan.DR.Addrop!/Pqza/h+4Ls
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.74052310.susgen
Fortinet: W32/Addrop.CSX!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.1e89f5
Panda: Trj/CI.A

How to remove Trojan-Dropper.MSIL.Addrop.csx?

Trojan-Dropper.MSIL.Addrop.csx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
