VirTool:MSIL/Defdiz.A!MTB (file analysis)

Malware Removal

The VirTool:MSIL/Defdiz.A!MTB detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the VirTool:MSIL/Defdiz.A!MTB virus do?

  • Authenticode signature is invalid
  • CAPE detected the BlackNET malware family
  • Binary file triggered YARA rule

How to determine VirTool:MSIL/Defdiz.A!MTB?

File Info:

name: 3917F35AED62A03ADFFB.mlw
path: /opt/CAPEv2/storage/binaries/bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d
crc32: EF05C38E
md5: 3917f35aed62a03adffbe0f22ff0d446
sha1: 7e2b3ffff8220e0b2b603e97343bfafcc7ea1079
sha256: bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d
sha512: 3918e1f4b67f0195cff25a1326431ddf04ee173b50553e6ee4a0072879402388e16c5fcd6d9f2e6117e3b09b90496808776ba1fed5b92c6e69ab808949081911
ssdeep: 3072:OxkNWNo7HCdkVTYB+eztx3be/EKyNFna4FwX5F:sePHd5YB+eztlboZ8wX5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16E24F9A1A3995CD4F07D89B85E3F0340FB74A8D6C8D5D76F0B82E05C09F62A3B40669E
sha3_384: af79c041cb4bab960c9edafa84d0c39fa39c23d8b789d2986668a431da7e9983801bf79bd1ebe77785eb89ada84ad856
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-12-10 17:51:43

Version Info:

Translation: 0x0000 0x04b0
Comments: Host Process for Windows Services
CompanyName: Microsoft Corporation
FileDescription: Windows Update Assistant
FileVersion: 10.0.18362.1
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: svchost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.18362.1
Assembly Version: 10.0.18362.1

VirTool:MSIL/Defdiz.A!MTB also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Blacknet.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.Loki.22870
FireEye: Generic.mg.3917f35aed62a03a
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
Skyhigh: BehavesLike.Win32.Generic.dm
ALYac: Gen:Variant.Ransom.Loki.22870
Cylance: unsafe
Zillya: Worm.Agent.Win32.198903
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0056a86a1 )
Alibaba: Backdoor:MSIL/Blacknet.20babccd
K7GW: Trojan ( 0056a86a1 )
Cybereason: malicious.aed62a
BitDefenderTheta: AI:Packer.03C934081F
VirIT: Trojan.Win32.MSIL_Heur.B
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.VC
APEX: Malicious
TrendMicro-HouseCall: Backdoor.MSIL.BLACKNET.SMDA
Avast: Win32:BotX-gen [Trj]
ClamAV: Win.Trojan.Razy-9778111-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.Loki.22870
Tencent: Trojan.Win32.Bladabindi.16000442
Emsisoft: Gen:Variant.Ransom.Loki.22870 (B)
F-Secure: Trojan.TR/Spy.Gen
DrWeb: Trojan.DownLoader34.7684
VIPRE: Gen:Variant.Ransom.Loki.22870
TrendMicro: Backdoor.MSIL.BLACKNET.SMDA
Sophos: ATK/Blacknet-A
Ikarus: Worm.MSIL.Agent
MAX: malware (ai score=100)
Jiangmin: Trojan.Generic.gnsfr
Google: Detected
Avira: TR/Spy.Gen
Varist: W32/MSIL_Bladabindi.FN.gen!Eldorado
Antiy-AVL: Trojan/MSIL.Agent
Kingsoft: malware.kb.c.999
Microsoft: VirTool:MSIL/Defdiz.A!MTB
Xcitium: Malware@#1g3f9gg89rsye
Arcabit: Trojan.Ransom.Loki.D5956
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: MSIL.Backdoor.BlackNet.B
AhnLab-V3: Trojan/Win32.Wacatac.C4199561
McAfee: BackDoor-FEBU!3917F35AED62
VBA32: Backdoor.MSIL.XWorm.gen
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/GdSda.A
Rising: Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex: Trojan.Agent!juzWhs2gFWQ
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: MSIL/Agent.VC!tr
AVG: Win32:BotX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Backdoor:MSIL/Bladabindi.E

How to remove VirTool:MSIL/Defdiz.A!MTB?

VirTool:MSIL/Defdiz.A!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.