
Worm:MSIL/Knowlog.A (file analysis)


Many security experts consider Worm:MSIL/Knowlog.A dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm:MSIL/Knowlog.A virus do?

  • Executable code extraction
  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX

Related domains:

automation.whatismyip.com

How to identify Worm:MSIL/Knowlog.A?


File Info:

crc32: DCD2836E
md5: b7cd02414d36b2ec624140faebf175a1
name: B7CD02414D36B2EC624140FAEBF175A1.mlw
sha1: 4e6deb0737e724831dda45489e2d3686ca643234
sha256: 0a979377dfb37d034c29911e74193f82918289e72ed62092edacd322d36fb416
sha512: 2d76261135072fff2f5db3d9fc7c705397886dc247d0e891c52469f7954f44b4951267cc63464dd4c5267cf8aef0d0d599655fe0eaa54840821d8644c56f0348
ssdeep: 6144:t6ByCLWztvZLgnr9tDRTEf9n6evNZ6KZoS:Q0CktlytTg96evNZ6KZoS
type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Worm:MSIL/Knowlog.A also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0051918e1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop7.57551
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Symmi.86895
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.14d36b
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/PSW.Agent.NEX
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Jaiko-7603839-0
Kaspersky: Trojan-Ransom.Win32.Blocker.kqeh
BitDefender: Gen:Variant.Symmi.86895
NANO-Antivirus: Trojan.Win32.Kryptik.ewvdar
MicroWorld-eScan: Gen:Variant.Symmi.86895
Tencent: Win32.Trojan.Blocker.Phqj
Ad-Aware: Gen:Variant.Symmi.86895
Sophos: Mal/Generic-S
Comodo: Malware@#7b3x5359lbla
BitDefenderTheta: Gen:NN.ZexaF.34684.mmGfamY5iep
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.b7cd02414d36b2ec
Emsisoft: Gen:Variant.Symmi.86895 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Worm.Generic.dwh
Avira: HEUR/AGEN.1115821
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Win32.SchoolBoy
Microsoft: Worm:MSIL/Knowlog.A
Arcabit: Trojan.Symmi.D1536F
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: Trojan-Ransom.Win32.Blocker.kqeh
GData: Gen:Variant.Symmi.86895
AhnLab-V3: Malware/Win32.RL_Generic.R267931
Acronis: suspicious
McAfee: Artemis!B7CD02414D36
MAX: malware (ai score=96)
VBA32: Trojan.MulDrop
Malwarebytes: Malware.AI.674547925
Panda: Trj/CI.A
Rising: Worm.Knowlog!8.261 (CLOUD)
Yandex: Trojan.Blocker!LJJ99hxC4zU
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.4030da!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Worm:MSIL/Knowlog.A?

Worm:MSIL/Knowlog.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
