What is “MSIL/Spy.Agent.ETF”?

MSIL/Spy.Agent.ETF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/Spy.Agent.ETF virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify MSIL/Spy.Agent.ETF?

File Info:

name: BED77552B42CAEF76E2C.mlw
path: /opt/CAPEv2/storage/binaries/e74d7a030e5740dd698c51f8fd9e0c6cd175be40f16240237bfab554cb1f4913
crc32: F41ED299
md5: bed77552b42caef76e2c33749e3936d0
sha1: 6ab1f52f0234542cbc513e9e53368abd7e795204
sha256: e74d7a030e5740dd698c51f8fd9e0c6cd175be40f16240237bfab554cb1f4913
sha512: ae2b1b0721240e44eed521cdb6addf01055dc0184500b63fdbacb28b1be3447ab24ab01edcae891ed507289896701ff90538fda6f7a5a42c7ddfe89e1c9d493c
ssdeep: 24576:mry2uXzmDYWAG5X12RZoWU1XLTX95NX8p0AKg33IBdYldzNEvQmyO1bTPwiPEr0A:munrWAG5X8RZoZLKK04BduRK1b8i80N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T129E51213A1A14FA0C868157894DF5B62726CBF1A1A16C78F5338FA3FBF722F49D24542
sha3_384: 779dbc5840c013132658f6b9bc3e47b94916de5d4a0095d3fbf8268ab5864ff1e61184872b849b54c2ed2c4b2be05470
ep_bytes: e828050000e988feffff3b0d58254300
timestamp: 2021-06-11 09:16:54

Version Info:

0: [No Data]

MSIL/Spy.Agent.ETF is also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Trojan.MSIL.Basic.8.Gen
FireEye: Generic.mg.bed77552b42caef7
ALYac: Trojan.MSIL.Basic.8.Gen
Cybereason: malicious.2b42ca
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Spy.Agent.ETF
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Trojan.MSIL.Basic.8.Gen
Avast: FileRepMalware [Cryp]
F-Secure: Trojan:W32/GenInflated.B
Baidu: Archive.Bomb
VIPRE: Trojan.MSIL.Basic.8.Gen
Emsisoft: Trojan.MSIL.Basic.8.Gen (B)
Ikarus: Trojan.MSIL.Crypt
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.MSIL.Basic.8.Gen
ZoneAlarm: HEUR:Trojan.MSIL.Dnoper.gen
GData: Trojan.MSIL.Basic.8.Gen
MAX: malware (ai score=83)
SentinelOne: Static AI – Suspicious PE
AVG: FileRepMalware [Cryp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: VirTool:Win/SignThief.A(dyn)

How to remove MSIL/Spy.Agent.ETF?

MSIL/Spy.Agent.ETF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
