Should I remove “MSIL/TrojanDownloader.Agent.KAG”?

MSIL/TrojanDownloader.Agent.KAG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent.KAG virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDownloader.Agent.KAG?

File Info:

name: 2E52F959B872516E6F74.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2069-02-20 05:46:08

Version Info:

Translation: 0x0000 0x04b0
Comments: Microsoft SQL Server Management Studio - 18.10
CompanyName: Microsoft Corporation
FileDescription: Microsoft SQL Server Management Studio - 18.10
FileVersion: 15.0.18390.0
InternalName: Adywi.exe
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: Adywi.exe
ProductName: Microsoft SQL Server Management Studio - 18.10
ProductVersion: 15.0.18390.0
Assembly Version: 15.0.18390.0

MSIL/TrojanDownloader.Agent.KAG also known as:

Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47914762
FireEye: Trojan.GenericKD.47914762
ALYac: Trojan.GenericKD.47914762
Cylance: Unsafe
Sangfor: Trojan.MSIL.AgentTesla.NCB
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:MSIL/Generic.aa939cbf
K7GW: Trojan-Downloader ( 0058d11c1 )
K7AntiVirus: Trojan-Downloader ( 0058d11c1 )
Cyren: W32/MSIL_Agent.CQL.gen!Eldorado
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.KAG
TrendMicro-HouseCall: TROJ_GEN.R03FC0DAJ22
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Multi.GenericML.xnet
BitDefender: Trojan.GenericKD.47914762
Avast: Win32:DropperX-gen [Drp]
Tencent: Msil.Trojan-downloader.Agent.Htck
Ad-Aware: Trojan.GenericKD.47914762
Sophos: Mal/Generic-S
Zillya: Downloader.Agent.Win32.459690
TrendMicro: TROJ_GEN.R03FC0DAJ22
McAfee-GW-Edition: RDN/Generic Downloader.x
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.47914762 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.47914762
Avira: TR/Downloader.MSIL.wsjlh
Antiy-AVL: Trojan[Downloader]/MSIL.AgentTesla
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2DB1F0A
ZoneAlarm: UDS:Trojan.Multi.GenericML.xnet
Microsoft: TrojanDownloader:MSIL/AgentTesla.NCB!MTB
AhnLab-V3: Trojan/Win.Sabsik.C4918159
McAfee: RDN/Generic Downloader.x
MAX: malware (ai score=85)
APEX: Malicious
Ikarus: Trojan-Downloader.MSIL.Agent
Fortinet: MSIL/Agent.KAG!tr.dldr
BitDefenderTheta: Gen:NN.ZemsilF.34264.fm0@aWatjkj
AVG: Win32:DropperX-gen [Drp]
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.KAG?

MSIL/TrojanDownloader.Agent.KAG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.