What is “MSIL/TrojanDownloader.Agent.OXE”?

The MSIL/TrojanDownloader.Agent.OXE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.OXE virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.OXE?


File Info:
name: 862D7DE3B4282050BF48.mlw
path: /opt/CAPEv2/storage/binaries/00f0c088adf61565b6519fe222d6769641fac4394c89ae9fcf40c1573e439f5e
crc32: E47AE98E
md5: 862d7de3b4282050bf483ff7ad228558
sha1: 010eb03b4acd6c633eb355f1d5ef944d0a5558aa
sha256: 00f0c088adf61565b6519fe222d6769641fac4394c89ae9fcf40c1573e439f5e
sha512: 4f6c60d5b706d8c32a5edf1ef8283f15fee9ddca670a8f55561c68d6b23a8cd2f8f04b51922bf3de30d0efce32bf28d050b2342917285a585137f2106cf5a354
ssdeep: 96:CWylNK5UlffffdlbXYZnXy2e9oRCo+45L3T/Nh1pjf0lzb0Z/CQT6nqpKvFnU:CtlNrlffffXMBXq9yp5L3T/7vQN0ZAa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F812E911E36E1737D9690B7B9C6327E10337A31BAC23E61FC895110DAE6138D4A92BE0
sha3_384: 35d9a4f6dd45e0bc1d79f5f88df3c0df4966acfab736a64e46e52f7c701f39b6d58280277be7d0836ccd3d593b7a6c14
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-05-22 10:39:43

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: exel Document copy.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: exel Document copy.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.OXE also known as:

tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.67167789
FireEye	Trojan.GenericKD.67167789
ALYac	Trojan.GenericKD.67167789
Malwarebytes	Trojan.Downloader.MSIL.Generic
VIPRE	Trojan.GenericKD.67167789
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 0059c9381 )
Alibaba	TrojanPSW:MSIL/Disco.54e95441
K7GW	Trojan-Downloader ( 0059c9381 )
CrowdStrike	win/malicious_confidence_90% (W)
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	MSIL.Downloader!gen7
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.OXE
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-PSW.MSIL.Disco.gen
BitDefender	Trojan.GenericKD.67167789
Avast	Win32:PWSX-gen [Trj]
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:dUwG7gDgt4xqhlxSpE2Dmw)
Emsisoft	Trojan.GenericKD.67167789 (B)
F-Secure	Heuristic.HEUR/AGEN.1323353
DrWeb	Trojan.DownloaderNET.637
McAfee-GW-Edition	BehavesLike.Win32.Generic.zm
Trapmine	malicious.high.ml.score
SentinelOne	Static AI – Malicious PE
GData	Trojan.GenericKD.67167789
Avira	HEUR/AGEN.1323353
Arcabit	Trojan.Generic.D400E62D
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Disco.gen
Microsoft	Trojan:Win32/Woreflint.A!cl
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5432268
McAfee	Artemis!862D7DE3B428
MAX	malware (ai score=86)
VBA32	Downloader.MSIL.gen.rexp
Cylance	unsafe
Ikarus	Trojan.MSIL.Crypt
Fortinet	MSIL/Agent_AGen.ASU!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.36196.am0@aKXztUo
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove MSIL/TrojanDownloader.Agent.OXE?

MSIL/TrojanDownloader.Agent.OXE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X