MSIL/TrojanDownloader.Agent.KHN (file analysis)

MSIL/TrojanDownloader.Agent.KHN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent.KHN virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDownloader.Agent.KHN?


File Info:

name: AD747E2E696C60DE9B2F.mlw
path: /opt/CAPEv2/storage/binaries/84a8beafd4dab22658ded27734766a8b10108af8f3c8803400e1e1f6d1107003
crc32: FB2CC618
md5: ad747e2e696c60de9b2fd5d86b33b6a5
sha1: 26af16211781bfd9e7b23c333e502b24dab11568
sha256: 84a8beafd4dab22658ded27734766a8b10108af8f3c8803400e1e1f6d1107003
sha512: 83c61144a88e55861fd0c711247959f56f700f3b29587bd35c770a9688c56df9a26422276a80cb6c948101aa29e0b4b9c899465f98f785266714c32e8d0b7471
ssdeep: 6144:k1Am6gWDka/aFWTo5lYWlkiU/S7S44n63BWevxPU:kem6gWDpaFWTo5lYWlkiU/S7S44n63Bi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5442771B2460B9FE56611B4C2487BC54E2009F05DB6FA11FE623DAA77187869E3CFB0
sha3_384: 2d1ce07091034ac04e0dec7262de0fb7b619ad9580a30923fa62e3f46d1bdf52fdbab22cb239c50a29ef8f0f96465963
ep_bytes: ff250020400000000000000000000000
timestamp: 2038-04-05 14:21:20

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: LoaderFor@Aureliun_v2
FileVersion: 1.0.0.0
InternalName: LoaderFor@Aureliun_v2.exe
LegalCopyright: Copyright © 2022
LegalTrademarks:
OriginalFilename: LoaderFor@Aureliun_v2.exe
ProductName: LoaderFor@Aureliun_v2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.KHN is also known as:

Lionic: Trojan.MSIL.PsDownload.a!c
DrWeb: BackDoor.Rat.408
MicroWorld-eScan: IL:Trojan.MSILZilla.13822
FireEye: Generic.mg.ad747e2e696c60de
McAfee: RDN/Generic Downloader.x
Cylance: Unsafe
Sangfor: Trojan.MSIL.PsDownload.gen
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDownloader:MSIL/PsDownload.e7088674
K7GW: Trojan-Downloader ( 0058de7b1 )
K7AntiVirus: Trojan-Downloader ( 0058de7b1 )
BitDefenderTheta: Gen:NN.ZemsilF.34212.qm0@aqEVztc
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.KHN
TrendMicro-HouseCall: TROJ_FRS.0NA103B922
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.MSIL.PsDownload.gen
BitDefender: IL:Trojan.MSILZilla.13822
Avast: Win32:DropperX-gen [Drp]
Tencent: Msil.Trojan-downloader.Agent.Lpbg
Ad-Aware: IL:Trojan.MSILZilla.13822
Sophos: Mal/Generic-S
Comodo: Malware@#j2xwfpeqbk9c
TrendMicro: TROJ_FRS.0NA103B922
McAfee-GW-Edition: RDN/Generic Downloader.x
Emsisoft: IL:Trojan.MSILZilla.13822 (B)
Ikarus: Trojan-Downloader.MSIL.Tiny
GData: IL:Trojan.MSILZilla.13822
Webroot: W32.Trojan.Dropper
Avira: HEUR/AGEN.1240931
Antiy-AVL: Trojan/Generic.ASMalwS.351FFC4
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: IL:Trojan.MSILZilla.D35FE
ZoneAlarm: HEUR:Trojan-Downloader.MSIL.PsDownload.gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4934425
VBA32: TScope.Trojan.MSIL
ALYac: Backdoor.RAT.DC
MAX: malware (ai score=80)
Malwarebytes: Trojan.Downloader.MSIL.Generic
APEX: Malicious
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:CneQ7TdD7BnObmf7mvdpRA)
Yandex: Trojan.DL.Agent!a4VGsbZ9Mo8
SentinelOne: Static AI – Malicious PE
Fortinet: PossibleThreat
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.11781b
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.KHN?

MSIL/TrojanDownloader.Agent.KHN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
