MSIL/Agent.VQA information

The MSIL/Agent.VQA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Agent.VQA virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Agent.VQA?


File Info:
name: EC219BB2AC8E0709D8F2.mlw
path: /opt/CAPEv2/storage/binaries/a37d4988d86c71508144905fd766d9e00237ad6f647ab7b284cfeb7b958a22c8
crc32: E2C2DF3D
md5: ec219bb2ac8e0709d8f23fc53a9a14b0
sha1: bd28adca5435e7b7153c0b44b3ae3fde47fc2b80
sha256: a37d4988d86c71508144905fd766d9e00237ad6f647ab7b284cfeb7b958a22c8
sha512: 8fce1b4ba8d2e09ef456243bea5ff2a191043620a4e573b66835d6a55b860c65312393329bbe2925031c681833d1257630d586b4f685e9577fd81049f2eb0dd2
ssdeep: 393216:Y2sHsvDWDUHEAnE5j5WvaP3evzNL3HcgmP:+Ma0rnC5uaf278RP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F0F6339C1F789289ED85DA3B0F00933FDFB453299E997D0B982005C3CD89937365EA66
sha3_384: 1a02aeb7feaa7ddc446f76124908c11dd1a9ee4de95bb9121984c0a0bbbf3f7e42be91e56100344da0150a9b0cc21c66
ep_bytes: ff250020400000000000000000000000
timestamp: 2051-11-01 20:02:22

Version Info:
Translation: 0x0000 0x04b0
Comments: Dgodig9 3dg,d,nsig jgsjdgngm tjdsgndgnskg dgsdgs.
CompanyName: Beta5ngfddj
FileDescription: djfkdj29tfsod
FileVersion: 8.8.8.1
InternalName: screenapp.exe
LegalCopyright: 694fkgkdf
LegalTrademarks: fvxk49vx
OriginalFilename: screenapp.exe
ProductName: kjfdsgfs
ProductVersion: 8.8.8.1
Assembly Version: 1.1.95.3

MSIL/Agent.VQA also known as:

Lionic	Trojan.MSIL.ClipBanker.7!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.40041116
FireEye	Generic.mg.ec219bb2ac8e0709
McAfee	Artemis!EC219BB2AC8E
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanBanker:MSIL/ClipBanker.dbd167eb
K7GW	Trojan ( 00596d531 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34592.@p3@a0dhH1c
VirIT	Trojan.Win32.Genus.LMO
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.VQA
TrendMicro-HouseCall	TROJ_GEN.R002H0CHC22
Kaspersky	HEUR:Trojan-Banker.MSIL.ClipBanker.gen
BitDefender	Trojan.GenericKD.40041116
Cynet	Malicious (score: 100)
Avast	Win32:BankerX-gen [Trj]
Ad-Aware	Trojan.GenericKD.40041116
Sophos	Generic ML PUA (PUA)
VIPRE	Trojan.GenericKD.40041116
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI – Malicious PE
Emsisoft	Trojan.GenericKD.40041116 (B)
APEX	Malicious
GData	Trojan.GenericKD.40041116
Avira	TR/Agent.roexc
Antiy-AVL	Trojan/Generic.ASMalwS.55C6
Arcabit	Trojan.Generic.D262FA9C
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win.Generic.C5222601
Acronis	suspicious
VBA32	Trojan.Generic
ALYac	Trojan.GenericKD.40041116
MAX	malware (ai score=89)
Malwarebytes	Trojan.Crypt
Rising	Trojan.Generic/MSIL@AI.98 (RDM.MSIL:MXHL9m0rfHPTJcsOZbAADA)
Fortinet	PossibleThreat
AVG	Win32:BankerX-gen [Trj]
Cybereason	malicious.a5435e

How to remove MSIL/Agent.VQA?

MSIL/Agent.VQA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X