MSIL/TrojanDownloader.Agent.PHW malicious file

The MSIL/TrojanDownloader.Agent.PHW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDownloader.Agent.PHW virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine MSIL/TrojanDownloader.Agent.PHW?


File Info:
name: 7C6B5D42673F1637AF11.mlw
path: /opt/CAPEv2/storage/binaries/657b71b90135fcefac161313d75483aee5dee8c2d39203ec014b8d785ca843ca
crc32: 0D4AF7FE
md5: 7c6b5d42673f1637af11eb5740285fa4
sha1: 815392afb5cad3ea7f82b8d1120e39d872a101ba
sha256: 657b71b90135fcefac161313d75483aee5dee8c2d39203ec014b8d785ca843ca
sha512: 6936ce9a4c57b07976e5e2f24a483d62d22cdafb1e37a749d051f72edca1bf28e52014a47f2145d1cab88b0ba9c45c317b32237840ca899d63a2a07d6597cb6e
ssdeep: 196608:DkYPTj81eFaBO5kFj0zA/YXqIA+XSlyORmlM1wRDN2f/xcEWCq5xI:D5rVFL5kp/mMUlOwRDcEXx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D8B633FEF63E63C4CD2175729DB4A91D401920DE6B82F039EC1B42773A89D2394A9772
sha3_384: f3a432399ca11368238dd72d0a04d301644b5518d7510bddde38578e084ef9db7068f0f4bf82db518d73fc0ad2e55b08
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-06-15 03:22:29

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: statemobile.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: statemobile.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDownloader.Agent.PHW also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.7c6b5d42673f1637
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
Alibaba	Trojan:MSIL/Inject.563b191c
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.36250.@p0@aKUMk0
Cyren	W32/ABRisk.NXXN-6547
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.PHW
APEX	Malicious
Kaspersky	HEUR:Trojan-PSW.MSIL.Stealerc.gen
Avast	Win32:PWSX-gen [Trj]
F-Secure	Trojan.TR/Dropper.Gen
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Agent.WPZIJ4
Google	Detected
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/MSIL.GenKryptik
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Stealerc.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!7C6B5D42673F
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_GEN.R002H0AFH23
Ikarus	Trojan.MSIL.Inject
Fortinet	MSIL/GenKryptik.GKRQ!tr
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.fb5cad
DeepInstinct	MALICIOUS

How to remove MSIL/TrojanDownloader.Agent.PHW?

MSIL/TrojanDownloader.Agent.PHW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X