MSIL/TrojanDownloader.Agent.HEF malicious file

The MSIL/TrojanDownloader.Agent.HEF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.HEF virus can do?

Presents an Authenticode digital signature
Dynamic (imported) function loading detected
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine MSIL/TrojanDownloader.Agent.HEF?


File Info:
name: FF57185F1100A1851B53.mlw
path: /opt/CAPEv2/storage/binaries/e497e85a396ba79422abc733cc97ff59ffd99d3c15db92959924d3e15f3b6729
crc32: B6471FF9
md5: ff57185f1100a1851b53f95ac2201cb4
sha1: 0513d80af2363b9857c21f2bff6d9b47c85c3804
sha256: e497e85a396ba79422abc733cc97ff59ffd99d3c15db92959924d3e15f3b6729
sha512: a5e8d11a6c022020295c79b4f6c15a0909d1676e69f78cf238462aeeb99f4b0934d66c37ace0fb4a7d584feceecbf937e9c97293b1725ed8f8a199c1599d6cec
ssdeep: 6144:UmA1seGrBR0HeYXJgUpL8SNFDu/O63hGSb/DB5pr0+UTsWkef1XwxQ1dXbAph8cK:CqEemp5bu9TlLfUTdwq13v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13BA4F1253A9CBE1CD0982F780431052DAF7E71DE750399CB1ACC46DE6EFA7304992B96
sha3_384: 31373a14a2c59bf716584cb0cba79e0111dfdef69b0748e948005e5a5c13464ae482b1b15be506658e076bbeb45be00d
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-05-16 12:42:09

Version Info:
Translation: 0x0000 0x04b0
Comments:  
CompanyName:  
FileDescription:  
FileVersion: 1.0.7.9
InternalName: IG Stories Downloader.exe
LegalCopyright: Copyright ©  2020
LegalTrademarks:  
OriginalFilename: IG Stories Downloader.exe
ProductName:  
ProductVersion: 1.0.7.9
Assembly Version: 1.0.7.9

MSIL/TrojanDownloader.Agent.HEF also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Variant.Bulz.285394
FireEye	Generic.mg.ff57185f1100a185
ALYac	Gen:Variant.Bulz.285394
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 005753d21 )
K7GW	Trojan-Downloader ( 005753d21 )
Cybereason	malicious.f1100a
Cyren	W32/Trojan.GLG.gen!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.HEF
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Agentb.gen
BitDefender	Gen:Variant.Bulz.285394
SUPERAntiSpyware	Trojan.Agent/Gen-Bsymem
Avast	Win32:DangerousSig [Trj]
Tencent	Malware.Win32.Gencirc.11bcb09d
Ad-Aware	Gen:Variant.Bulz.285394
Emsisoft	Application.Downloader (A)
Zillya	Downloader.Agent.Win32.424628
McAfee-GW-Edition	GenericRXLJ-PZ!FF57185F1100
Sophos	Mal/Generic-S + Troj/DwnLd-AEK
GData	Gen:Variant.Bulz.285394
Jiangmin	Downloader.MSIL.pdr
Avira	TR/Downloader.Gen
MAX	malware (ai score=89)
Arcabit	Trojan.Bulz.D45AD2
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
McAfee	GenericRXLJ-PZ!FF57185F1100
Malwarebytes	Trojan.Downloader
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.74225041.susgen
Fortinet	MSIL/Ursu.4143!tr
AVG	Win32:DangerousSig [Trj]

How to remove MSIL/TrojanDownloader.Agent.HEF?

MSIL/TrojanDownloader.Agent.HEF removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X