MSIL/TrojanDownloader.Agent.KHR malicious file

MSIL/TrojanDownloader.Agent.KHR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/TrojanDownloader.Agent.KHR virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDownloader.Agent.KHR?


File Info:

name: 94D7BD05B9648B5915B5.mlw
path: /opt/CAPEv2/storage/binaries/80eb38be334d51a2b904c9960179fc55eacc40853cf51b063826761a76d50ba3
crc32: BF0F7473
md5: 94d7bd05b9648b5915b57de0e10ce325
sha1: d6cdabb415ea7faf08a52f30f7437d7f61de700d
sha256: 80eb38be334d51a2b904c9960179fc55eacc40853cf51b063826761a76d50ba3
sha512: 4b2e593ad9596d25352ab6d76ada3c5473025584f969a4c24fc61c7b6ddf03eee1d02c7736fa5862fd504b005876d23557a957ef8dfefd1a172406b12985d688
ssdeep: 768:AIAs/t5ibyBdnmbJoIGcezZ3maHiYMwN8Agw3nZPHbzYK3:jAs/t5iby3n8oIQ2NAVZDzv
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T172C34EF4E771B919F010C97CF99982703AF8EF605F329542B469763A197E2BC2D224E4
sha3_384: e11db8ac4757c36022df584d732c3a9c0fb2a8810fd1ce3c6be57325269cd2596c6366d0819cb4c95edf27c881b3fcab
ep_bytes: ff250020400000000000000000000000
timestamp: 2058-12-22 04:40:42

Version Info:

Translation: 0x0000 0x04b0
Comments: Opera Internet Browser
CompanyName: Opera Software
FileDescription: Opera Internet Browser
FileVersion: 83.0.4254.27
InternalName: Yqgjnhif.exe
LegalCopyright: Copyright Opera Software 2022
LegalTrademarks:
OriginalFilename: Yqgjnhif.exe
ProductName: Opera Internet Browser
ProductVersion: 83.0.4254.27
Assembly Version: 83.0.4254.27

MSIL/TrojanDownloader.Agent.KHR also known as:

Lionic: Trojan.MSIL.Noon.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38881983
FireEye: Trojan.GenericKD.38881983
CAT-QuickHeal: TrojanSpy.MSIL
McAfee: RDN/AgentTesla
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2659081
Sangfor: Trojan.MSIL.Agent.KHR
K7AntiVirus: Trojan-Downloader ( 0058de741 )
K7GW: Trojan-Downloader ( 0058de741 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.PSWStealer.DFM
Cyren: W32/MSIL_Kryptik.GLW.gen!Eldorado
Symantec: MSIL.Downloader!gen7
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.KHR
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender: Trojan.GenericKD.38881983
Avast: Win32:DropperX-gen [Drp]
Tencent: Msil.Trojan-downloader.Agent.Huzf
Ad-Aware: Trojan.GenericKD.38881983
Sophos: Mal/Generic-S + Troj/TeslaA-CZC
Comodo: Malware@#1p2phc606tib8
DrWeb: Trojan.DownLoader44.35940
TrendMicro: TROJ_FRS.0NA103B522
McAfee-GW-Edition: RDN/AgentTesla
Emsisoft: Trojan.GenericKD.38881983 (B)
Ikarus: Trojan.Inject
GData: Trojan.GenericKD.38881983
Avira: HEUR/AGEN.1232055
Antiy-AVL: Trojan/Generic.ASMalwS.352313B
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:MSIL/AgentTesla.PK!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4952723
ALYac: Trojan.GenericKD.38881983
MAX: malware (ai score=88)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Downloader.MSIL.Generic
TrendMicro-HouseCall: TROJ_FRS.0NA103B522
Yandex: Trojan.Igent.bXrnd7.12
Fortinet: Malicious_Behavior.SB
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.415ea7
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove MSIL/TrojanDownloader.Agent.KHR?

MSIL/TrojanDownloader.Agent.KHR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
