Trojan

Trojan.MSIL.Injector.W (file analysis)

Malware Removal

The Trojan.MSIL.Injector.W is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.MSIL.Injector.W virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Trojan.MSIL.Injector.W?



File Info:

name: D1A65D748FAE96BB7837.mlw
path: /opt/CAPEv2/storage/binaries/cf84e6ce7938ef295fbba9c19504a839778f46ee0f82114d21461c04238c1a4c
crc32: 48232A7F
md5: d1a65d748fae96bb7837e0b5488d9737
sha1: 2ffedd83c6640e0a059bae1012559e3a1029cb3f
sha256: cf84e6ce7938ef295fbba9c19504a839778f46ee0f82114d21461c04238c1a4c
sha512: 526b564d5291c372be7807fff9a4cd01383529e7aa5e2c2e5e18402227fd4f440acaec854fc765f121a1e17e67aac0b136e2736989862e40434f661cc9a6ed22
ssdeep: 3072:mIS/089tRlr9VgC6Y+3og1EkI4P74+nzLq/31:ml/dRjiC6YH0Y4Jzi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFC38C7831B18218C0926F369507D2B07265BCF0A22757F75FF49F018DE626A5E3EAD2
sha3_384: 6e1ca2c64e091f3b4e2afb9d015b13f2d6015e760c54d3349b7bb4e0e134c7cced44be51ea71280bf44f75222cb069b1
ep_bytes: ff250020400000000000000000000000
timestamp: 2012-09-20 08:39:34


Version Info:

Translation: 0x0000 0x04b0
Comments: Microsoft
CompanyName: Microsoft
FileDescription: AppCos
FileVersion: 4.5.1.5
InternalName: AppCos.exe
LegalCopyright: Copyright © Microsoft 2012
OriginalFilename: AppCos.exe
ProductName: AppCos
ProductVersion: 4.5.1.5
Assembly Version: 2.3.4.1

Trojan.MSIL.Injector.W also known as:

Elasticmalicious (high confidence)
DrWebTrojan.PWS.Stealer.715
CynetMalicious (score: 99)
FireEyeGeneric.mg.d1a65d748fae96bb
CAT-QuickHealPUA.GenericFC.S6060348
ALYacTrojan.MSIL.Injector.W
CylanceUnsafe
K7AntiVirusTrojan ( 004e7c0a1 )
AlibabaTrojanSpy:Win32/Kryptik.25f16d05
K7GWTrojan ( 004e7c0a1 )
Cybereasonmalicious.48fae9
BitDefenderThetaGen:NN.ZemsilF.34212.hq3@aeEN35k
VirITTrojan.Win32.Generic.BUET
CyrenW32/MSIL_Troj.BXH.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Kryptik.AW
TrendMicro-HouseCallTROJ_AGENT_050851.TOMB
ClamAVWin.Trojan.Agent-399145
KasperskyHEUR:Trojan-Spy.Win32.Generic
BitDefenderTrojan.MSIL.Injector.W
NANO-AntivirusTrojan.Win32.Win32.dbypjs
MicroWorld-eScanTrojan.MSIL.Injector.W
AvastWin32:TrojanX-gen [Trj]
TencentMalware.Win32.Gencirc.10b9ab57
Ad-AwareTrojan.MSIL.Injector.W
EmsisoftTrojan.MSIL.Injector.W (B)
ComodoMalware@#950ki18pph3x
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_AGENT_050851.TOMB
McAfee-GW-EditionGenericRXGV-FJ!D1A65D748FAE
SophosMal/Generic-S
IkarusBackdoor.Win32.Xtrat
GDataTrojan.MSIL.Injector.W
JiangminBackdoor/Azbreg.qv
WebrootW32.Trojan.Gen
AviraTR/Dropper.Gen
Antiy-AVLTrojan[Backdoor]/Win32.Poison
ArcabitTrojan.MSIL.Injector.W
ZoneAlarmHEUR:Trojan-Spy.Win32.Generic
MicrosoftBackdoor:Win32/Bladabindi!ml
SentinelOneStatic AI – Malicious PE
AhnLab-V3Trojan/Win32.Xorist.R37229
McAfeeGenericRXGV-FJ!D1A65D748FAE
VBA32Hoax.Xorist
MalwarebytesMalware.AI.2514576917
APEXMalicious
RisingTrojan.Generic/MSIL@AI.100 (RDM.MSIL:ak8DLvKYk4IH2tDYnXXXUg)
YandexTrojan.Agent!/riFORhfX68
MAXmalware (ai score=100)
MaxSecureTrojan.Malware.4564552.susgen
FortinetMSIL/Kryptik.VS!tr
AVGWin32:TrojanX-gen [Trj]
PandaGeneric Malware
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Trojan.MSIL.Injector.W?

Trojan.MSIL.Injector.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment