About “MSIL/TrojanDownloader.Agent.KGJ” infection

The MSIL/TrojanDownloader.Agent.KGJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.KGJ virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/TrojanDownloader.Agent.KGJ?


File Info:
name: A78C97164361780FA5A5.mlw
path: /opt/CAPEv2/storage/binaries/b1ae5cb5756b2e567a5a866cd7698096def83fe2b8b1c6c0c1140f817036a53b
crc32: D49A725F
md5: a78c97164361780fa5a5d4a6fd48cdc1
sha1: 093b48da95cdbb5f3dde7846da141e21af8dbc93
sha256: b1ae5cb5756b2e567a5a866cd7698096def83fe2b8b1c6c0c1140f817036a53b
sha512: fd38066ebb767aed304ccc8b7658683905ea9d516cf947775d0a5bf9ed0f347f516ecb6048f4383c4c36fadea5b6f0b0fdbc3a51ba2f778e7a587693a849609f
ssdeep: 192:UcOZKl2H6YLDL/YLS2IcWekL3LKLHuWpJI+fCr9wT:BOAYLDLgLfIcWekL3LKLlH9fCr9w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132F1D811A7FC8776C9760E325CF392410B75F2169D57DA2E9488111BAE633138AA3BF0
sha3_384: 5b79559242bfe557d5193bd21cc8c0dc4b272e3a535ef5945b01597d188d4f519c7922b993ee2f0ee17e41ba17405c0e
ep_bytes: ff250020400000000000000000000000
timestamp: 2069-09-13 05:17:20

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: WindowsFormsApp1
FileVersion: 1.0.0.0
InternalName: WindowsFormsApp1.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: WindowsFormsApp1.exe
ProductName: WindowsFormsApp1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.KGJ also known as:

FireEye	Generic.mg.a78c97164361780f
McAfee	Artemis!A78C97164361
Zillya	Downloader.Agent.Win32.461016
Sangfor	Infostealer.MSIL.Disco.gen
K7AntiVirus	Trojan-Downloader ( 0058de7c1 )
K7GW	Trojan-Downloader ( 0058de7c1 )
CrowdStrike	win/malicious_confidence_60% (W)
Cyren	W32/Trojan.IRPN-5705
Symantec	MSIL.Downloader!gen6
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.KGJ
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	HEUR:Trojan-PSW.MSIL.Disco.gen
Tencent	Msil.Trojan-downloader.Agent.Lnei
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Generic.xt
Paloalto	generic.ml
GData	Win32.Trojan.Agent.MB9FT2
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Disco.gen
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
Malwarebytes	Trojan.Downloader.MSIL.Generic
TrendMicro-HouseCall	TROJ_GEN.R002H0DB122
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:BOE/m9/BdiZ71K9IWt6qGg)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Tiny.WU!tr.dldr
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A

How to remove MSIL/TrojanDownloader.Agent.KGJ?

MSIL/TrojanDownloader.Agent.KGJ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X