What is “Trojan:MSIL/Disstl!rfn”?

The Trojan:MSIL/Disstl!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Disstl!rfn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Trojan:MSIL/Disstl!rfn?


File Info:
name: 4CB7368CE949DF45E1C5.mlw
path: /opt/CAPEv2/storage/binaries/bb2c5165e6eaec3cc3e70478d4f94897acea962645aa533349635b39da8b3766
crc32: F42DB51F
md5: 4cb7368ce949df45e1c54aa90ea1525e
sha1: b84baa5daa12edf5ae1a65f1823222cca4b331d2
sha256: bb2c5165e6eaec3cc3e70478d4f94897acea962645aa533349635b39da8b3766
sha512: 15bf3d9c464b9789751a3cc3228cf18530d54edb3cd9f5db03278969ae4538862249861f5d3537ed00e04e0ff258af606d4a3641c71eed76faf95ba658fb9eae
ssdeep: 96:m8aoFynEI+ZOOeDWp2ajWOWJ8SLa58H1sbG0aCyJzvzNt:VaoQ3+p/WOO258H6bG0vyJz5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171F11B10E3E88B37EDBB4BB198B353019E3D7325BD53D76C65C4228A2D262984F52771
sha3_384: 645e02423cb096beb392e539a65cf5c1eaad3ca60f329ae8d4cf3908510008718bb57c1d13c5298dad3e64d172e8c1c9
ep_bytes: ff25002040000000000000000000
timestamp: 2021-11-22 23:29:27

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: PirateMonsterInjector
FileVersion: 1.0.0.0
InternalName: PirateMonsterInjector.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: PirateMonsterInjector.exe
ProductName: PirateMonsterInjector
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/Disstl!rfn also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.lLIL
MicroWorld-eScan	Gen:Variant.Bulz.936143
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	BehavesLike.Win32.Generic.zm
McAfee	Artemis!4CB7368CE949
Malwarebytes	Binder.Trojan.Dropper.DDS
Sangfor	Downloader.Msil.Tiny.Vx3d
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:Win32/Stealer.ae214bd9
K7GW	Trojan-Downloader ( 0057dcc31 )
K7AntiVirus	Trojan-Downloader ( 0057dcc31 )
Arcabit	Trojan.Bulz.DE48CF
BitDefenderTheta	Gen:NN.ZemsilF.36680.am0@aaAP3Ip
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Tiny.BAP
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Bladbindi-1
Kaspersky	Trojan-Spy.Win32.Stealer.akan
BitDefender	Gen:Variant.Bulz.936143
NANO-Antivirus	Trojan.Win32.Stealer.jnwncl
Avast	MSIL:GenMalicious-EH [Trj]
Tencent	Malware.Win32.Gencirc.13b635e2
Emsisoft	Trojan-Downloader.Tiny (A)
VIPRE	Gen:Variant.Bulz.936143
Sophos	Troj/Disteal-S
Ikarus	Trojan-Downloader.Win32.Tiny
Webroot	W32.Dropper.Gen
Varist	W32/MSIL_Troj.AZH.gen!Eldorado
Antiy-AVL	Trojan[Downloader]/MSIL.Tiny
Xcitium	TrojWare.MSIL.Injector.CFN@56lbek
Microsoft	Trojan:MSIL/Disstl!rfn
ZoneAlarm	Trojan-Spy.Win32.Stealer.akan
GData	Gen:Variant.Bulz.936143
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4644851
VBA32	TrojanSpy.Stealer
Cylance	unsafe
Yandex	TrojanSpy.Stealer!t+jRbn4JxmM
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.185152929.susgen
Fortinet	W32/Tiny.NTI!tr.dldr
AVG	MSIL:GenMalicious-EH [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Disstl!rfn?

Trojan:MSIL/Disstl!rfn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X