What is “Trojan.MSIL.Revenge.cvk”?

Trojan.MSIL.Revenge.cvk is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.MSIL.Revenge.cvk virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection
  • CAPE detected the RevengeRAT malware family
  • Anomalous binary characteristics

How to identify Trojan.MSIL.Revenge.cvk?

File Info:

name: DDC61D1AD9CDFDA03495.mlw
path: /opt/CAPEv2/storage/binaries/9b47e150a9259ae7a6df20f070dc9faf9d5a589347f8db8a9f64c64060cb7606
crc32: A48DC095
md5: ddc61d1ad9cdfda0349598deef5d789d
sha1: b4d730326b0464844c1d78cb025283d6f10e333e
sha256: 9b47e150a9259ae7a6df20f070dc9faf9d5a589347f8db8a9f64c64060cb7606
sha512: 860f6e35955609adfa0deddca3e21d0082f38161589c23bb39794d22f18b94d9233d543d31a4bcc09312e60bd2618fac4b0d2430e5ab9e72172f25da10e3bf8e
ssdeep: 12288:VCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaeTiznkmQiH:VCdxte/80jYLT3U1jfsWaGirkVVXZTQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A825AD2273DDC370CB669173BF69B7016EBF38614630B85B2F881D7DA950162162DBA3
sha3_384: e6fb3b719fd88fae89a36dace69dcf526803c2ab392526940732f3e2e8a43339fbce9dc62bcff85383284fec521d3b74
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2019-04-07 22:52:52

Version Info:

Translation: 0x0809 0x04b0

Trojan.MSIL.Revenge.cvk also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!e
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader27.43551
MicroWorld-eScan: Trojan.GenericKD.41191100
FireEye: Generic.mg.ddc61d1ad9cdfda0
ALYac: Trojan.MSIL.Revetrat
Cylance: Unsafe
K7AntiVirus: Trojan ( 0054b7cd1 )
Alibaba: Trojan:Win32/AutoitCrypt.180
K7GW: Trojan ( 0054b7cd1 )
Cybereason: malicious.ad9cdf
BitDefenderTheta: AI:Packer.53FB24DC17
VirIT: Trojan.Win32.Dnldr27.CMLB
Cyren: W32/Nymeria.YXQN-0327
ESET-NOD32: a variant of Win32/Injector.Autoit.DUY
TrendMicro-HouseCall: Backdoor.Win32.REVET.AB
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Revenge.cvk
BitDefender: Trojan.GenericKD.41191100
NANO-Antivirus: Trojan.Win32.Revenge.fpbzwb
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Autoit.Auto
Ad-Aware: Trojan.GenericKD.41191100
Emsisoft: Trojan.GenericKD.41191100 (B)
Comodo: Malware@#7qg5plowkwk2
TrendMicro: Backdoor.Win32.REVET.AB
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.dh
Sophos: Mal/Generic-R + Mal/AuItInj-A
Ikarus: Trojan.Autoit
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1245439
Microsoft: Trojan:Win32/Skeeyah.A!bit
ViRobot: Trojan.Win32.Z.Autoit.987648
GData: Trojan.GenericKD.41191100
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/AutoInj.Exp
McAfee: Artemis!DDC61D1AD9CD
VBA32: Trojan-Downloader.Autoit.gen
Malwarebytes: Backdoor.RevengeRAT
APEX: Malicious
Rising: Trojan.Obfus/Autoit!1.BB81 (CLASSIC)
MAX: malware (ai score=100)
Fortinet: W32/Autoit.DWF!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.MSIL.Revenge.cvk?

Trojan.MSIL.Revenge.cvk removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.