Trojan.MSIL.Buts (file analysis)

The Trojan.MSIL.Buts is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.MSIL.Buts virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Trojan.MSIL.Buts?


File Info:
name: 6F782D6F2462C4E3D89C.mlw
path: /opt/CAPEv2/storage/binaries/446c3a92354e01738bd2ae47e4aa42a9c09747d83f605537e8b2292f4feaa8bf
crc32: A53B39F1
md5: 6f782d6f2462c4e3d89c12a122a906e3
sha1: 232fb7dd45bcd0d749a52e4e105a11b7f568bd24
sha256: 446c3a92354e01738bd2ae47e4aa42a9c09747d83f605537e8b2292f4feaa8bf
sha512: 8f86c46c965818a21ce39adb03b1fcd4b415b42d51ef2b5b74102c1aa4a1897154da1f122a87539ffe9268b08ac0dd9997d90f00f8820f2576bec6899e103b64
ssdeep: 96:hO/GDZwm6krYlb0W5JpSm6DW32lzNtz2lzNt:hUWZwm6cW0WDpuDWmfsf
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T19B12C501C3C84737E9364B729DB367805379FB12EEA79BAE69C5124BAE172500933B71
sha3_384: bc89399d492f0497e21dd0b3bd23fa194b5d25223772e40117f93b3788e60e38fb85d7b20dd8cc419a1102f4d832e325
ep_bytes: ff25002040004d5a9000030000000400
timestamp: 2092-12-27 16:43:18

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: stub
FileVersion: 1.0.0.0
InternalName: stub.exe
LegalCopyright: Copyright ©  2023
LegalTrademarks: 
OriginalFilename: stub.exe
ProductName: stub
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan.MSIL.Buts also known as:

Bkav	W32.Common.CA6C1B65
Lionic	Trojan.Win32.Crypt.4!c
MicroWorld-eScan	Trojan.GenericKD.68717046
FireEye	Trojan.GenericKD.68717046
McAfee	Artemis!6F782D6F2462
Cylance	unsafe
Sangfor	Trojan.Msil.Agent.Vibi
K7AntiVirus	Trojan ( 0050dee91 )
K7GW	Trojan ( 0050dee91 )
Cybereason	malicious.f2462c
BitDefenderTheta	Gen:NN.ZemsilF.36662.am0@aCkciuc
Cyren	W32/ABRisk.VYYD-3443
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.MSIL.Crypt.gen
BitDefender	Trojan.GenericKD.68717046
Avast	Win32:MalwareX-gen [Trj]
Emsisoft	Trojan.GenericKD.68717046 (B)
F-Secure	Trojan.TR/Kryptik.vblqy
VIPRE	Trojan.GenericKD.68717046
TrendMicro	TROJ_GEN.R002C0WHN23
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.68717046
Webroot	W32.Trojan.Dropper
Avira	TR/Kryptik.vblqy
Antiy-AVL	Trojan/MSIL.Crypt
Arcabit	Trojan.Generic.D41889F6
ZoneAlarm	HEUR:Trojan.MSIL.Crypt.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
Acronis	suspicious
VBA32	Trojan.MSIL.Buts.gen
ALYac	Trojan.GenericKD.68717046
MAX	malware (ai score=84)
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0WHN23
Rising	Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:3tYHfJ/5BVUlXcwL6cu6Mg)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.CDA!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Trojan.MSIL.Buts?

Trojan.MSIL.Buts removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X