MSIL/Agent.UCB information

Malware Removal

MSIL/Agent.UCB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/Agent.UCB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify MSIL/Agent.UCB?


File Info:

name: 7BBEDE87B86007617C59.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-12-09 19:31:50

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Home
FileDescription: WindowsFormsApplication4
FileVersion: 1.0.0.0
InternalName: WindowsFormsApplication4.exe
LegalCopyright: Copyright © Home 2011
OriginalFilename: WindowsFormsApplication4.exe
ProductName: WindowsFormsApplication4
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.UCB is also known as:

MicroWorld-eScan: Gen:Variant.Bulz.399415
FireEye: Gen:Variant.Bulz.399415
ALYac: Gen:Variant.Bulz.399415
Cylance: Unsafe
Sangfor: Trojan.MSIL.Agent.job
K7AntiVirus: Trojan ( 00581f921 )
Alibaba: Trojan:MSIL/Generic.ab8d1eea
K7GW: Trojan ( 00581f921 )
Cybereason: malicious.7b8600
Cyren: W32/MSIL_Agent.DJC.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Agent.UCB
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Agent.job
BitDefender: Gen:Variant.Bulz.399415
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Agent.Akzm
Ad-Aware: Gen:Variant.Bulz.399415
TACHYON: Trojan/W32.DN-Agent.69120.BL
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/MSIL.Agent.job
DrWeb: Trojan.DownLoader6.42044
Zillya: Trojan.Agent.Win32.207788
TrendMicro: TROJ_GEN.R002C0WFH22
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Bulz.399415 (B)
Ikarus: Trojan.MSIL.Agent
GData: Gen:Variant.Bulz.399415
Jiangmin: Trojan.MSIL.lwdq
Avira: TR/MSIL.Agent.job
Arcabit: Trojan.Bulz.D61837
ZoneAlarm: Trojan.MSIL.Agent.job
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.RL_Agent.C3980348
McAfee: RDN/Generic.dx
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.3767711768
TrendMicro-HouseCall: TROJ_GEN.R002C0WFH22
Yandex: Trojan.Agent!oHO3QyXIJoo
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.770480.susgen
Fortinet: MSIL/Agent.UCB!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove MSIL/Agent.UCB?

MSIL/Agent.UCB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
