MSIL/BadJoke_AGen.P malicious file

The MSIL/BadJoke_AGen.P is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/BadJoke_AGen.P virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous .NET characteristics
Binary compilation timestomping detected

How to determine MSIL/BadJoke_AGen.P?


File Info:
name: 0636786AEB326489AE6B.mlw
path: /opt/CAPEv2/storage/binaries/6e0a8b9fbbb1b6c8ff43d744a69e30daebcc50615cbf0ef40777de2474957cbf
crc32: 237DC78B
md5: 0636786aeb326489ae6bfb9408008d1a
sha1: 27aed92e1fe0f2feee133055e729cb89b48f9ad3
sha256: 6e0a8b9fbbb1b6c8ff43d744a69e30daebcc50615cbf0ef40777de2474957cbf
sha512: 459e22f6a0df5cb2e36134fcb08711c3638bf0870f213aa18f94d30d685721943711694a97ef079aaee9f02313d2de2b01935f61da80dbd52b0ca7bd3522e3e2
ssdeep: 6144:xmOk61VZESsk74DjBCL7WgoB1Nkpi7zQJAb9lU:xrkQZOfH6knQY92
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE341230EF948A61CCBF123708E15B04AF7CD5265C67C6BAE5C5952B8E333ED068725A
sha3_384: 41659e3f8a50dff9ca1005dc7725808ce1d56af89f2876c75c4fe75d6d732fa71fc77701efa3f83a19c3c8a46b7f9771
ep_bytes: ff250020400000000000
timestamp: 2097-06-27 08:02:11

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 0.0.0.0
InternalName: helpme.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: helpme.exe
ProductName: 
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/BadJoke_AGen.P also known as:

MicroWorld-eScan	Gen:Heur.MSIL.Krypt.46
FireEye	Gen:Heur.MSIL.Krypt.46
ALYac	Gen:Heur.MSIL.Krypt.46
Sangfor	Trojan.Msil.Agent.Vfad
Cybereason	malicious.aeb326
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of MSIL/BadJoke_AGen.P
Paloalto	generic.ml
Kaspersky	UDS:Trojan.Win32.GenericML.xnet
BitDefender	Gen:Heur.MSIL.Krypt.46
Avast	Win32:TrojanX-gen [Trj]
VIPRE	Gen:Heur.MSIL.Krypt.46
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Emsisoft	Gen:Heur.MSIL.Krypt.46 (B)
Ikarus	Trojan.MSIL.BadJoke
GData	Gen:Heur.MSIL.Krypt.46
Antiy-AVL	GrayWare/Win32.Puwaders
Arcabit	Trojan.MSIL.Krypt.46
ZoneAlarm	UDS:Trojan.Win32.GenericML.xnet
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	Artemis!0636786AEB32
MAX	malware (ai score=83)
TrendMicro-HouseCall	TROJ_GEN.R002H09DT23
SentinelOne	Static AI – Suspicious PE
BitDefenderTheta	Gen:NN.ZemsilF.36164.om0@aitUlgf
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (W)

How to remove MSIL/BadJoke_AGen.P?

MSIL/BadJoke_AGen.P removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X