Trojan.MSIL.Disfa.fvfp (file analysis)

Trojan.MSIL.Disfa.fvfp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.MSIL.Disfa.fvfp virus do?

  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Trojan.MSIL.Disfa.fvfp?


File Info:

name: ECA742E2FDEA8DABDF42.mlw
path: /opt/CAPEv2/storage/binaries/ae4901248899d210a3fad7f123221b2ea51da4aaa6d12166d86976c64ce0b0fa
crc32: 729F0DB2
md5: eca742e2fdea8dabdf42be9d1752ea69
sha1: 2ea30512e0625d20f215b8d5d6278eb7dd77022e
sha256: ae4901248899d210a3fad7f123221b2ea51da4aaa6d12166d86976c64ce0b0fa
sha512: a3f6442b84c27cf2b7974532c7c7dcf202edc3f8f2eccde82f6cd554340e642dfe805fe27a65731d2935080f150d0d133fdab334226803b636c11bb28472ba58
ssdeep: 1536:miIdl9d/bqiUDDDd4B4TjAplsSvJMSsU:miYxOicNXTjglRMSsU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17053BF83529A5A13E2AA4FF98DF2D77212F0D0660863EB57BCD5030E1BC17D24726ED6
sha3_384: e4ed4d32102f6e508cd054cae21393b7d77b68beb51d11c6ab0b8e01dcf4c1d481608b8dc489edf07f79b6c3800fefc9
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-04-26 10:25:00

Version Info:

Translation: 0x0000 0x04b0
Comments: YouCam6
CompanyName: SmartAssembly 6
FileDescription: WCF
FileVersion: 333.202.166.245
InternalName: WCF.exe
LegalCopyright: Copyright © YouCam6 2015
LegalTrademarks: SmartAssembly 6
OriginalFilename: WCF.exe
ProductName: WCF
ProductVersion: 333.202.166.245
Assembly Version: 23.365.123.203

Trojan.MSIL.Disfa.fvfp also known as:

Bkav: W32.AIDetectMalware.CS
AVG: Win32:Malware-gen
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Androm.3
FireEye: Generic.mg.eca742e2fdea8dab
Skyhigh: BehavesLike.Win32.Generic.kh
McAfee: Artemis!ECA742E2FDEA
VIPRE: Gen:Heur.MSIL.Androm.3
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.ILHeur.IU
Symantec: Backdoor.Ratenjay
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Kryptik.CLF
APEX: Malicious
Kaspersky: Trojan.MSIL.Disfa.fvfp
BitDefender: Gen:Heur.MSIL.Androm.3
NANO-Antivirus: Trojan.Win32.Disfa.drbhhy
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Disfa.Vimw
Emsisoft: Gen:Heur.MSIL.Androm.3 (B)
F-Secure: Heuristic.HEUR/AGEN.1306838
DrWeb: Trojan.DownLoader13.3545
Zillya: Trojan.Disfa.Win32.27598
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Krypt
Jiangmin: Trojan/MSIL.fjbi
Avira: HEUR/AGEN.1306838
Antiy-AVL: Trojan/MSIL.Disfa
Kingsoft: malware.kb.c.1000
Microsoft: Backdoor:MSIL/Bladabindi
Xcitium: Malware@#ysygc9q8scyr
Arcabit: Trojan.MSIL.Androm.3
ZoneAlarm: Trojan.MSIL.Disfa.fvfp
GData: Gen:Heur.MSIL.Androm.3
Google: Detected
BitDefenderTheta: Gen:NN.ZemsilF.36802.dm0@a84cHlf
MAX: malware (ai score=88)
Cylance: unsafe
Panda: Trj/CI.A
Rising: Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:/YwS2vKAgyLlFR2mdL6UdQ)
Yandex: Trojan.Disfa!UzvVRxTjSc4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.AP.10E10E!tr
DeepInstinct: MALICIOUS

How to remove Trojan.MSIL.Disfa.fvfp?

Trojan.MSIL.Disfa.fvfp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
