MSIL/TrojanDownloader.Agent.JOJ (file analysis)

MSIL/TrojanDownloader.Agent.JOJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent.JOJ virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs
  • Binary compilation timestomping detected

Related domains:

wpad.local-net

How to identify MSIL/TrojanDownloader.Agent.JOJ?


File Info:

name: A4A1DD8B01DBFD152216.mlw
path: /opt/CAPEv2/storage/binaries/7c45b0193f119836d53929c4a8faceb3487f16206cd97bda863fc805d5b20bc4
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2068-05-22 09:47:26

Version Info:

Translation: 0x0000 0x04b0
Comments: Web Publishing Wizard executable
CompanyName: Microsoft Corporation
FileDescription: Web Publishing Wizard executable
FileVersion: 6.1.33.0
InternalName: BAUBCOMDOWPAGWJH.exe
LegalCopyright: Copyright © 1995-1997 Microsoft Corporation
LegalTrademarks:
OriginalFilename: BAUBCOMDOWPAGWJH.exe
ProductName: Microsoft® Internet Services
ProductVersion: 6.1.33.0
Assembly Version: 6.1.33.0

MSIL/TrojanDownloader.Agent.JOJ also known as:

Lionic: Trojan.MSIL.Seraph.a!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.a4a1dd8b01dbfd15
ALYac: Trojan.Keylogger.Snake
Cylance: Unsafe
K7AntiVirus: Trojan-Downloader ( 0058adc01 )
Alibaba: TrojanDownloader:MSIL/Seraph.74a75e62
K7GW: Trojan-Downloader ( 0058adc01 )
Cybereason: malicious.98d9fd
Cyren: W32/Trojan.CSCN-8356
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.JOJ
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Generic-7113183-0
Kaspersky: HEUR:Trojan-Downloader.MSIL.Seraph.gen
BitDefender: Trojan.GenericKD.38109773
MicroWorld-eScan: Trojan.GenericKD.38109773
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Trojan.GenericKD.38109773
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.UMal.tuxki@0
DrWeb: Trojan.DownLoader44.5216
TrendMicro: TROJ_GEN.R002C0WKQ21
McAfee-GW-Edition: RDN/Generic Downloader.x
Emsisoft: Trojan.GenericKD.38109773 (B)
Ikarus: Trojan-Downloader.MSIL.Agent
GData: Trojan.GenericKD.38109773
Jiangmin: TrojanDownloader.MSIL.aftp
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:MSIL/SnakeKeylogger.MK1!MTB
AhnLab-V3: Trojan/Win.PWSX-gen.C4788129
McAfee: RDN/Generic Downloader.x
MAX: malware (ai score=80)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.MCrypt.MSIL.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0WKQ21
Tencent: Msil.Trojan-downloader.Agent.Lmub
Yandex: Trojan.DL.Agent!B9XMKzi6zgc
SentinelOne: Static AI – Malicious PE
eGambit: Trojan.Generic
Fortinet: MSIL/Agent.JOJ!tr.dldr
BitDefenderTheta: Gen:NN.ZemsilF.34062.Dm1@amy2JBp
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.JOJ?

MSIL/TrojanDownloader.Agent.JOJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.