Categories: Malware

MSIL/Agent.VHY information

The MSIL/Agent.VHY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Agent.VHY virus can do?

Sample contains Overlay data
Uses Windows utilities for basic functionality
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Deletes executed files from disk
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine MSIL/Agent.VHY?


File Info:
name: F121C74EFDAFCC118A52.mlwpath: /opt/CAPEv2/storage/binaries/8e20a62cbec7e57e56cac06dcacd8479ca989ea4852f60a28b09b3b8cfda1406crc32: 3F9A3D9Amd5: f121c74efdafcc118a52ae3eecf5297csha1: 9ccba5da6e3ebc5ab2d406ea446bb113938560f1sha256: 8e20a62cbec7e57e56cac06dcacd8479ca989ea4852f60a28b09b3b8cfda1406sha512: e9235621cabc3dd5a046243396d7727361596ba1a3af3f8b28f0dd53b1a94e87edd86f5225c0efe6a0ef9d99a7fc13c1eb2a07422848e6bd759f5742776e9175ssdeep: 24576:7xRXQlFED4/MQnvOZFANYC0iP0nYjvL+PvZCW1s5ob/NGNW:7WE2vO60iP0uKPs084ENtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1AF35236119930CA5F867B0FC36CB9195233C26143AA926ADC25C172DFE0BD96FE3461Fsha3_384: 54883fcb38403990534581b4c21c25e112784e2c749cc0cbf18f36bf1780f55e469d7ec292f574734680fb61d4c80263ep_bytes: 60be005046008dbe00c0f9ff57eb0b90timestamp: 2020-04-20 08:27:23
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: Spy_WFFileVersion: 1.0.0.0InternalName: svchost_wf.exeLegalCopyright: Copyright ©  2016LegalTrademarks: OriginalFilename: svchost_wf.exeProductName: Spy_WFProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

MSIL/Agent.VHY also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Sysn.b!c
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.f121c74efdafcc11
Skyhigh	GenericRXMK-BN!3AEEFCF75562
McAfee	GenericRXMK-BN!3AEEFCF75562
Cylance	unsafe
VIPRE	Trojan.GenericKD.70627930
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004b933f1 )
Alibaba	TrojanDropper:Win32/Upatre.b58a84db
K7GW	Trojan ( 004b933f1 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.36608.fnNfau!ZiXab
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.VHY
APEX	Malicious
ClamAV	Win.Malware.Bulz-10016535-0
Kaspersky	Trojan-Dropper.Win32.Sysn.datb
BitDefender	Trojan.GenericKD.70627930
MicroWorld-eScan	Trojan.GenericKD.70627930
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.13f8aa68
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1331371
Zillya	Tool.KMSAuto.Win32.1750
Emsisoft	Trojan.GenericKD.70627930 (B)
Ikarus	Trojan-Downloader.Upatre
Jiangmin	Trojan.Agent.cocc
Google	Detected
Avira	HEUR/AGEN.1331371
Antiy-AVL	Trojan/Win32.SGeneric
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Generic.D435B25A
ZoneAlarm	Trojan-Dropper.Win32.Sysn.datb
GData	Win32.Trojan.PSE.FIS61Q
AhnLab-V3	Trojan/Win.CoinMiner.R514101
ALYac	Trojan.GenericKD.70627930
MAX	malware (ai score=87)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0PKU23
Rising	Dropper.Sysn!8.3D8 (CLOUD)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.858453!tr
AVG	Win32:Malware-gen
Cybereason	malicious.a6e3eb
DeepInstinct	MALICIOUS