Trojan

Trojan:MSIL/Toauta removal guide

Malware Removal

The Trojan:MSIL/Toauta is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:MSIL/Toauta virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Exhibits behavior characteristic of CodeLux Keylogger
  • Creates a copy of itself
  • Deletes executed files from disk
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities

How to determine Trojan:MSIL/Toauta?



File Info:

name: 796766358D3507A57EDA.mlw
path: /opt/CAPEv2/storage/binaries/240d7ae37788c5a0b2323d1582713c6f3c34ed9d7429f3e93c48c9c720fa31ca
crc32: D7B284DC
md5: 796766358d3507a57edaecd8fa7e2443
sha1: 291fb76a5248135a604dcc7921386741230bd99f
sha256: 240d7ae37788c5a0b2323d1582713c6f3c34ed9d7429f3e93c48c9c720fa31ca
sha512: 1911f196b88aab9b2add1ba357fb598ef12eb518acfd9af59287369d230c759fdcfbfeff6819119caa0061603e47a22dec40de6b2e28e037259209bc5a7e2bb2
ssdeep: 24576:3/oKAnaHdxeQJ2WFkeTQSQHhrJj3ocmd9NmqSQC/jP7pGs:voKAIn/FfTQXhrJj3obNRS/jdGs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1405523710FB9E6F7C2311DF39216E9210D568F8AB4395A3731C2FC5A8F24D42A726A0D
sha3_384: 59a2aa1996f70ae55826adf6ad862a5a04ac91db93c7f42f3009ecab8b19df94a22510e72153166d5c04698af5ffcd40
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-20 19:07:19


Version Info:

Translation: 0x0000 0x04b0
Comments: Google Chrome
CompanyName: Google LLC
FileDescription: Google Chrome
FileVersion: 104.0.0
InternalName: Chrome.exe
LegalCopyright: Copyright 2022 Google LLC. All rights reserved.
OriginalFilename: Chrome.exe
ProductName: Google Chrome
ProductVersion: 104.0.0
Assembly Version: 104.0.0.0

Trojan:MSIL/Toauta also known as:

BkavW32.AIDetectNet.01
CynetMalicious (score: 99)
FireEyeGeneric.mg.796766358d3507a5
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
K7GWTrojan ( 700000121 )
Cybereasonmalicious.58d350
BaiduMSIL.Trojan.Injector.s
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/Injector.ESI
APEXMalicious
ClamAVWin.Packed.Gamarue-7770090-0
KasperskyHEUR:Trojan.MSIL.Generic
BitDefenderIL:Trojan.MSILZilla.9255
NANO-AntivirusTrojan.Win32.Comet.dfkpgi
MicroWorld-eScanIL:Trojan.MSILZilla.9255
AvastMSIL:GenMalicious-DZ [Trj]
Ad-AwareIL:Trojan.MSILZilla.9255
EmsisoftIL:Trojan.MSILZilla.9255 (B)
ComodoTrojWare.MSIL.Toauta.ESI@7fqy0b
DrWebTrojan.Packed.28396
VIPREIL:Trojan.MSILZilla.9255
TrendMicroTrojanSpy.MSIL.LOKI.SM
Trapminemalicious.moderate.ml.score
SophosTroj/dnSauce-Y
IkarusTrojan.MSIL.Injector
GDataIL:Trojan.MSILZilla.9255
AviraHEUR/AGEN.1234920
ArcabitIL:Trojan.MSILZilla.D2427
ZoneAlarmHEUR:Trojan.MSIL.Generic
MicrosoftTrojan:MSIL/Toauta
GoogleDetected
AhnLab-V3Trojan/Win32.ZBot.R164113
Acronissuspicious
ALYacIL:Trojan.MSILZilla.9255
MAXmalware (ai score=89)
MalwarebytesBackdoor.Agent.TMPGen
TrendMicro-HouseCallTrojanSpy.MSIL.LOKI.SM
RisingTrojan.FakeChrome!1.9C7B (CLASSIC)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Injector.ESI!tr
BitDefenderThetaGen:NN.ZemsilF.34606.pn1@ayWlPzm
AVGMSIL:GenMalicious-DZ [Trj]
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Trojan:MSIL/Toauta?

Trojan:MSIL/Toauta removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment