MSIL/Agent.DEF malicious file

MSIL/Agent.DEF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Agent.DEF virus do?

  • Dynamic (imported) function loading detected
  • Possible date expiration check, exits too soon after checking local time
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify MSIL/Agent.DEF?


File Info:

name: F2F1D6E07837FF108488.mlw
path: /opt/CAPEv2/storage/binaries/23fea56f1047d1500d7ef0b426c6d71bfc9df6d1f73a69c170ebee9ae4a4940e
crc32: 366CE453
md5: f2f1d6e07837ff108488415be777d6bb
sha1: e39e88bc3ff74829e22c612316fba1d085c0088e
sha256: 23fea56f1047d1500d7ef0b426c6d71bfc9df6d1f73a69c170ebee9ae4a4940e
sha512: b6b9769fd78ecd2238f0c08039a953b945e743629af0aa9fca2234fa1a7d11e6466c011e60f1ff7c626e06553213a4a75b3adb0734bc21d7de8f6222bb5842e8
ssdeep: 1536:d8xw8V/oq1udbxzyrN1hSlIKBi8Nx52Wb7oPE7WBD29YEb0lbhHAtRlOG9A+:Ct1u761I7b2WXo/D2GEIlbZ0zK+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ABD3C54BB3C84B02D454A6B5C0EF292413F1ADC73B33D6853E4877AD19427A7FE49A4A
sha3_384: 87b57d721234d42b9c23470673dc6f605664e9296c0d113ccfce4ea2ffc8e13bcd9b693ab95ca5a4740db7e485f90021
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-05-02 07:24:30

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Microsoft Corporation
FileDescription: Windows Update
FileVersion: 1.0.0.0
InternalName: WindowsUpdate.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: WindowsUpdate.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.DEF also known as:

Lionic: Trojan.MSIL.Crysan.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.36899477
FireEye: Generic.mg.f2f1d6e07837ff10
ALYac: Trojan.GenericKD.36899477
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2088079
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004d65011 )
Alibaba: Backdoor:MSIL/Crysan.c9181da3
K7GW: Trojan ( 004d65011 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/MSIL_Kryptik.CYI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.DEF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.MSIL.Crysan.gen
BitDefender: Trojan.GenericKD.36899477
Avast: Win32:DropperX-gen [Drp]
Tencent: Msil.Backdoor.Crysan.Eeqr
Ad-Aware: Trojan.GenericKD.36899477
Emsisoft: Trojan.GenericKD.36899477 (B)
DrWeb: BackDoor.AsyncRATNET.2
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R06CC0DE221
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Agent
GData: Trojan.GenericKD.36899477
Jiangmin: Backdoor.MSIL.erwo
Webroot: W32.Adware.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=85)
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:MSIL/Ursu.KP
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Bladabindi.C4385341
McAfee: Artemis!F2F1D6E07837
VBA32: TScope.Trojan.MSIL
Malwarebytes: Backdoor.Dropper
TrendMicro-HouseCall: TROJ_GEN.R06CC0DE221
Yandex: Trojan.Agent!58Nfc2tvgs4
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/Crysan.DHI!tr.bdr
BitDefenderTheta: Gen:NN.ZemsilF.34084.im0@aGaygn
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.07837f
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.74418669.susgen

How to remove MSIL/Agent.DEF?

MSIL/Agent.DEF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
