What is “MSIL/Spy.AgentTesla.I”?

The MSIL/Spy.AgentTesla.I is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.AgentTesla.I virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary file triggered YARA rule

How to determine MSIL/Spy.AgentTesla.I?


File Info:
name: EAE04E28D32162790871.mlw
path: /opt/CAPEv2/storage/binaries/bbde0779d21bcd7914988ef4c6c683aa636f5e96786fb64c14e9383a0a772ca3
crc32: 673F440A
md5: eae04e28d321627908712bb23d1d4799
sha1: 6ef5812a0ba6874fa0bcb7a8135410afc87497da
sha256: bbde0779d21bcd7914988ef4c6c683aa636f5e96786fb64c14e9383a0a772ca3
sha512: d7880c7fe1a9d956a0078fe95a8d499582e9b2e8ff0086b9d0e7a979733d466e9b14cb1d13a68ede217314dbe2c8997276bba5db553537bd960e4579c72a9df6
ssdeep: 3072:DNnegau78r0esEATNjTaeoB4Z0pYrIdrRCaUWh:D5ega48rdsEATEdrLU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19934FF037E44EB15D6683D7783EF6C2453F2A0C70673860BAF49AEA52A412476D7E32D
sha3_384: c6ad13020b540648b627cf4762e82a4ef9a0a16c2d0bea2cb42300029c0c05ee56d8196a6b241e1f2d508d958c2d0166
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-08-31 17:50:49

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 1.0.0.0
InternalName: db686948-f2a7-4c3d-b8fa-73a42b8f9b80.exe
LegalCopyright:  
OriginalFilename: db686948-f2a7-4c3d-b8fa-73a42b8f9b80.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Spy.AgentTesla.I also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Dacic.i!c
MicroWorld-eScan	Generic.Dacic.64A56CA5.A.9259F265
FireEye	Generic.mg.eae04e28d3216279
Skyhigh	BehavesLike.Win32.AgentTesla.dm
ALYac	Generic.Dacic.64A56CA5.A.9259F265
Cylance	unsafe
Zillya	Trojan.RedLine.Win32.8179
K7AntiVirus	Trojan ( 005ac7f11 )
K7GW	Trojan ( 005ac7f11 )
Cybereason	malicious.8d3216
VirIT	Trojan.Win32.GenusT.DQSZ
Symantec	Trojan.Whispergate
ESET-NOD32	a variant of MSIL/Spy.AgentTesla.I
APEX	Malicious
Alibaba	TrojanPSW:MSIL/Stealer.a70d1e84
Sophos	Troj/Tesla-CNT
F-Secure	Trojan.TR/Spy.Gen8
DrWeb	BackDoor.SpyBotNET.62
VIPRE	Generic.Dacic.64A56CA5.A.9259F265
Trapmine	suspicious.low.ml.score
Emsisoft	Generic.Dacic.64A56CA5.A.9259F265 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.PSW.MSIL.epqy
Avira	TR/Spy.Gen8
Antiy-AVL	Trojan[Spy]/MSIL.AgentTesla
Kingsoft	MSIL.Trojan-PSW.Stealer.gen
Xcitium	Malware@#x94akmec8pl4
Arcabit	Generic.Dacic.64A56CA5.A.9259F265
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Stealer.gen
Google	Detected
AhnLab-V3	Infostealer/Win.AgentTesla.R631699
MAX	malware (ai score=87)
Malwarebytes	Generic.Malware.AI.DDS
Tencent	Malware.Win32.Gencirc.13ee0f40
Ikarus	Trojan-Spy.MSIL.AgentTesla
DeepInstinct	MALICIOUS
alibabacloud	Trojan[spy]:MSIL/AgentTesla.F

How to remove MSIL/Spy.AgentTesla.I?

MSIL/Spy.AgentTesla.I removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X