Trojan-PSW.MSIL.Reline.kox removal guide

Trojan-PSW.MSIL.Reline.kox is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-PSW.MSIL.Reline.kox virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-PSW.MSIL.Reline.kox?

File Info:

name: 8E61C1B3005FCD8FAB31.mlw
path: /opt/CAPEv2/storage/binaries/dc234e0be0ee33652ccd67188eed6f57c6210ca33b77091404b8923d5b186a1d
crc32: 4B03272F
md5: 8e61c1b3005fcd8fab31f6bf95893370
sha1: c27f39464eda434542b1a08075a0323818376715
sha256: dc234e0be0ee33652ccd67188eed6f57c6210ca33b77091404b8923d5b186a1d
sha512: f9df35b8431cfa8ebde5d6c2f47c27b751bd4fb9f57c7b0e11f4122e666ad2384ca36167d007ee59b86c14d0ba88a11b93b670fa4b6a23ab55cdde1dd03a366b
ssdeep: 12288:MWMpBo2nO2hrGqPIPsOyOoeF1/Ehob4FiHbYJxizGGVc+o0jVgIeJO2miwFgboYV:LMbo2nO2hrwPp/eobtENKcpmgIwOcNV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188E423F7F380CC02D156267699A397764F40FD0AA7E536A92087336F6E792C09C12D7A
sha3_384: cb29dd7533f3b2b46718c12fc0afef475ddad4309a90655fae4ec024d3d4fe6a36a53775575db11aaf0dce5f856ffba4
ep_bytes: 6801007100e801000000c3c3fb2e1749
timestamp: 2021-12-08 19:35:05

Version Info:

ProductName: FvgO4m49Wt3
ProductVersion: 1.7.8.7
FileDescription: FvgO4m49Wt3DUJDimYwBgeYz7psYI18Fv3YhXQfi5dKALuJVxu4GX
CompanyName: FvgO4m4
LegalCopyright: All Rights Reserved
Comments: FvgO4m49Wt3DUJDimYwBgeYz7psYI18Fv
Translation: 0x0409 0x0514

Trojan-PSW.MSIL.Reline.kox also known as:

Bkav: W32.UniknafeY.Trojan
Lionic: Trojan.Win32.Convagent.i!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.8e61c1b3005fcd8f
McAfee: Artemis!8E61C1B3005F
Malwarebytes: Spyware.RedLineStealer
Sangfor: Infostealer.MSIL.Reline.kox
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:MSIL/Reline.fda214be
K7GW: Trojan ( 0058badd1 )
K7AntiVirus: Trojan ( 0058badd1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Asprotect.KN
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.MSIL.Reline.kox
BitDefender: Trojan.GenericKD.38249969
MicroWorld-eScan: Trojan.GenericKD.38249969
Ad-Aware: Trojan.GenericKD.38249969
Emsisoft: Trojan.GenericKD.38249969 (B)
TrendMicro: TROJ_GEN.R03FC0WLE21
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.ASProtect
GData: Trojan.GenericKD.38249969
Jiangmin: Trojan.PSW.MSIL.czpi
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D247A5F1
ViRobot: Trojan.Win32.Z.Sabsik.704512.G
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
BitDefenderTheta: Gen:NN.ZexaF.34114.RG1aaykpglhi
ALYac: Trojan.GenericKD.38249969
MAX: malware (ai score=84)
VBA32: BScope.TrojanPSW.Racealer
TrendMicro-HouseCall: TROJ_GEN.R03FC0WLE21
Yandex: Trojan.GenAsa!X8BvNG2jOjo
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/PossibleThreat
Cybereason: malicious.64eda4
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.133533394.susgen

How to remove Trojan-PSW.MSIL.Reline.kox?

Trojan-PSW.MSIL.Reline.kox removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
