About “Trojan-PSW.MSIL.Reline.knm” infection

Trojan-PSW.MSIL.Reline.knm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Trojan-PSW.MSIL.Reline.knm virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-PSW.MSIL.Reline.knm?

File Info:

name: 1DD36829C9DBC6DC4691.mlw
path: /opt/CAPEv2/storage/binaries/74a36315e72618b30150c80b4dd4017309214b5cb7d33ffeb7c00d930ca45f24
crc32: 6625FD3F
md5: 1dd36829c9dbc6dc4691e89cedca62e3
sha1: bbf3ae2da73705fe7967775179876f323fba4e37
sha256: 74a36315e72618b30150c80b4dd4017309214b5cb7d33ffeb7c00d930ca45f24
sha512: 865b2dd85b78e839bcfaf991e117e7056712832eeed0373bbad5cb54ffa02cab286cc2e951275c8b818e1e8d53f38723a8319f16720e935f29bc595226eb50c2
ssdeep: 12288:OUIwos6IARycn59CH5NgFUsFE7Zlc+o0jVgIeJojXfbtr3mlDb:OZow59CZNtSE7LcpmgIwgzolDb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17BE42333E74CC90BCC00027FD5679B95780AFD7A968296E710E7352A2D783909A13E7B
sha3_384: d12d83c9398180138d18535b08988b094e2afa40993f7bb24dae569913eecb6b81c64146f07866ce7801e69c83e54edd
ep_bytes: 6801206900e801000000c3c38f7594b6
timestamp: 2021-12-08 19:38:04

Version Info:

ProductName: kGJ5Dz2R5sYx
ProductVersion: 6.2.2.2
FileDescription: kGJ5Dz2R5sYxb9uItYBR40suYYbRSOmPbLtEi1JjKswEdlLT8JsF3f
CompanyName: kGJ5Dz2
LegalCopyright: All Rights Reserved
Comments: kGJ5Dz2R5sYxb9uItYBR
Translation: 0x0409 0x0514

Trojan-PSW.MSIL.Reline.knm also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.MSIL.Reline.i!c
Elastic: malicious (high confidence)
CAT-QuickHeal: Trojanpws.Msil
ALYac: Trojan.GenericKD.38234590
Cylance: Unsafe
Zillya: Trojan.Asprotect.Win32.32
Sangfor: Infostealer.MSIL.Reline.knm
CrowdStrike: win/malicious_confidence_70% (W)
Alibaba: TrojanPSW:MSIL/Reline.db36ba0b
K7GW: Trojan ( 0058ba5b1 )
K7AntiVirus: Trojan ( 0058ba5b1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Asprotect.KN
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.MSIL.Reline.knm
BitDefender: Trojan.GenericKD.38234590
ViRobot: Trojan.Win32.Z.Reline.704512
MicroWorld-eScan: Trojan.GenericKD.38234590
Ad-Aware: Trojan.GenericKD.38234590
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0WLC21
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.1dd36829c9dbc6dc
Emsisoft: Trojan.GenericKD.38234590 (B)
Ikarus: Trojan.Win32.ASProtect
GData: Trojan.GenericKD.38234590
Antiy-AVL: Trojan/Generic.ASMalwS.34F1762
Gridinsoft: Ransom.Win32.Sabsik.ns
Arcabit: Trojan.Generic.D24769DE
Microsoft: Trojan:Win32/Sabsik!ml
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=81)
VBA32: BScope.TrojanPSW.Racealer
Malwarebytes: Spyware.PasswordStealer
TrendMicro-HouseCall: TROJ_GEN.R002C0WLC21
Tencent: Msil.Trojan-qqpass.Qqrob.Ecut
Yandex: Trojan.GenAsa!X8BvNG2jOjo
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34114.RG0aaG1Helli
AVG: Win32:Malware-gen
Cybereason: malicious.da7370
Paloalto: generic.ml

How to remove Trojan-PSW.MSIL.Reline.knm?

Trojan-PSW.MSIL.Reline.knm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.