About “MSIL/Agent.CNY” infection

The MSIL/Agent.CNY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Agent.CNY virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Agent.CNY?


File Info:
name: 93F8F357CB02F88CBF2B.mlw
path: /opt/CAPEv2/storage/binaries/26e61a975daa187f5940aae068b8064bc4e8ffaa929f95c9dea73f49e27ddbad
crc32: AB2389EB
md5: 93f8f357cb02f88cbf2b9e1284fd37b9
sha1: d68f0e57c0c405a6aec719524b2618c4f49a3bad
sha256: 26e61a975daa187f5940aae068b8064bc4e8ffaa929f95c9dea73f49e27ddbad
sha512: 2b5c11929a3224447acbe61e3f4926ae48810115fe045626dd88873599e7e9b42392e2d5fb3c723c193fff10c39154cec6bd15d753b4d057f8b03702c972cfa8
ssdeep: 49152:w+axysYC6syUkoPaPS2AJNyxUP+MkJyCjA:1tClVkoOSfJNAUWZyC8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15775239893EE4759F2FA6E707964A06184F0BA46EC13D34DF2C0A58C5FB3B05E635E12
sha3_384: 982c0517772aff0f2c268cb22e4a9139eac8dbd2ea4e2810165c29809af17382b0d24a5cc0f3d590ecfb2b65b9dd11ff
ep_bytes: ff250020400000000000000000000000
timestamp: 2038-01-29 01:20:37

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: SiMay.RemoteService.Loader
FileVersion: 1.0.0.0
InternalName: SiMayService.Loader.exe
LegalCopyright: Copyright ©  2019
LegalTrademarks: 
OriginalFilename: SiMayService.Loader.exe
ProductName: SiMay.RemoteService.Loader
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.CNY also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.MSILHeracles.39813
CAT-QuickHeal	Trojan.GenericFC.S20327192
McAfee	GenericRXMY-KH!93F8F357CB02
Malwarebytes	Malware.AI.3593043922
VIPRE	Gen:Variant.MSILHeracles.39813
K7AntiVirus	Trojan ( 00560e131 )
K7GW	Trojan ( 00560e131 )
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W32/MSIL_Agent.DQM.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.CNY
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.SiMay.gen
BitDefender	Gen:Variant.MSILHeracles.39813
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Malware.Win32.Gencirc.11a2cbe2
Emsisoft	Gen:Variant.MSILHeracles.39813 (B)
F-Secure	Heuristic.HEUR/AGEN.1357738
DrWeb	Trojan.Siggen17.37265
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.93f8f357cb02f88c
SentinelOne	Static AI – Suspicious PE
GData	MSIL.Backdoor.SiMay.B
Google	Detected
Avira	HEUR/AGEN.1357738
MAX	malware (ai score=84)
Antiy-AVL	Trojan[Backdoor]/MSIL.SiMay
Arcabit	Trojan.MSILHeracles.D9B85
ZoneAlarm	HEUR:Backdoor.MSIL.SiMay.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.RL_Generic.C4299469
ALYac	Gen:Variant.MSILHeracles.39813
Panda	Trj/GdSda.A
Rising	Backdoor.SiMay!8.12641 (TFE:dGZlOgzAOzGKeQNSVg)
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.7cb02f
DeepInstinct	MALICIOUS

How to remove MSIL/Agent.CNY?

MSIL/Agent.CNY removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X