What is “MSIL/GameTool_AGen.AU potentially unsafe”?

The MSIL/GameTool_AGen.AU potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/GameTool_AGen.AU potentially unsafe virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine MSIL/GameTool_AGen.AU potentially unsafe?


File Info:
name: D6B358248D679A73FA3E.mlw
path: /opt/CAPEv2/storage/binaries/895d8a95aba3a0b7961c7610a2d43dee7b61274e5b89e8174af22d8344736296
crc32: 6949C957
md5: d6b358248d679a73fa3e53bc3f163a14
sha1: 7e86cc9b9d4ae01f0488ef57c7f4e5b16765e60a
sha256: 895d8a95aba3a0b7961c7610a2d43dee7b61274e5b89e8174af22d8344736296
sha512: d1db27f86e2ea7bfaf036aae9df068d03d70dbfa84f4d189cf189156c282374590cb40d9b866ccac5b8a067a349cb76fb9bf9a5f6f68af5e7f2c0438c3e3c05a
ssdeep: 24576:4O633lvDdpTIzckagmVuCjQFeX4PmlLQiWKCvrDNNsto2oJku:e33hDdZ50m4CMoQbvMtxc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CA85BFB95DA5088BE347D53CB56DB07CD2ECED2261AD900F3C53FB24693A11202AD9DE
sha3_384: 9c2fa4d4b1334e0ca21654b6e217eba32846eca0dacbfa44c1a001c0e234872239f4ebf7a4041ad325224a0bbc41c621
ep_bytes: ff250020c00000000000000000000000
timestamp: 2023-05-10 11:32:55

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Start Game
FileVersion: 1.0.0.1
InternalName: START_GAME.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: START_GAME.exe
ProductName: 
ProductVersion: 1.0.0.1
Assembly Version: 1.0.0.1

MSIL/GameTool_AGen.AU potentially unsafe also known as:

Bkav	W32.Common.75B0AEA0
Lionic	Trojan.Win32.Generic.4!c
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.68397989
FireEye	Generic.mg.d6b358248d679a73
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
ALYac	Trojan.GenericKD.68397989
Cylance	unsafe
Sangfor	Trojan.Win32.Gametool.Vnjm
K7AntiVirus	Unwanted-Program ( 005a90531 )
K7GW	Unwanted-Program ( 005a90531 )
CrowdStrike	win/malicious_confidence_70% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GameTool_AGen.AU potentially unsafe
Cynet	Malicious (score: 100)
APEX	Malicious
BitDefender	Trojan.GenericKD.68397989
Sophos	Generic Reputation PUA (PUA)
VIPRE	Trojan.GenericKD.68397989
McAfee-GW-Edition	BehavesLike.Win32.Ursnif.tc
Trapmine	suspicious.low.ml.score
Emsisoft	Trojan.GenericKD.68397989 (B)
SentinelOne	Static AI – Suspicious PE
GData	Trojan.GenericKD.68397989
MAX	malware (ai score=83)
Antiy-AVL	RiskWare/MSIL.GameTool
Arcabit	Trojan.Generic.D413ABA5
McAfee	Artemis!D6B358248D67
Malwarebytes	RiskWare.GameTool
TrendMicro-HouseCall	TROJ_GEN.R002H09H223
Rising	PUA.GameTool!8.148 (CLOUD)
Yandex	Riskware.Agent!4Or4stnH7Xw
MaxSecure	Trojan.Malware.3411146.susgen
Fortinet	PossibleThreat.ZDS
DeepInstinct	MALICIOUS

How to remove MSIL/GameTool_AGen.AU potentially unsafe?

MSIL/GameTool_AGen.AU potentially unsafe removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X