Should I remove “MSIL/TrojanDownloader.Agent_AGen.BHA”?

MSIL/TrojanDownloader.Agent_AGen.BHA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Agent_AGen.BHA virus do?

  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Binary file triggered YARA rule

How to determine MSIL/TrojanDownloader.Agent_AGen.BHA?


File Info:

name: 4E1F65F5A6B35886D17B.mlw
path: /opt/CAPEv2/storage/binaries/5b1b094a1874f9b2fda0831bf897939c058d6aa8f73d4d4ec54ea29b3b0242c3
crc32: FC858715
md5: 4e1f65f5a6b35886d17b95eb2f838648
sha1: c6387fab18b62ed2f23daf09941c82cf3ca21b6c
sha256: 5b1b094a1874f9b2fda0831bf897939c058d6aa8f73d4d4ec54ea29b3b0242c3
sha512: f6c680eb37dacc33cfb96e093608cc0fe7c37d88514d691ac783fd52219caf770f5b82e8d17a3f35b3770624417560c6068b02befc3598fc2c3c3d9d2c1c94b7
ssdeep: 6144:xLJE08tYLBZGEQrdm4Vz0Rpppppppppppppppppppppppppppppq:DLQrdm4Vz0Rpppppppppppppppppppp4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16E34F782E9006274EE68AB346A33C93507127DBDAD79D42D24E97D4B3FBFAD36025413
sha3_384: 28ca0aeeed8fa4f6dbfccb1b85f4088ef87818fea054b4e6df48778e9bc752a4fe42b87306186f756da7ab1530ea14ad
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-05-01 06:25:43

Version Info:

0: [No Data]

MSIL/TrojanDownloader.Agent_AGen.BHA also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Agensla.i!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.4e1f65f5a6b35886
Malwarebytes: Trojan.MalPack.MSIL
Sangfor: Trojan.Msil.Agent.Vxob
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent_AGen.BHA
APEX: Malicious
Kaspersky: UDS:Trojan-PSW.MSIL.Agensla.gen
Avast: Win32:DropperX-gen [Drp]
Sophos: Mal/Generic-S
Webroot: W32.Trojan.Gen
Google: Detected
Varist: W32/MSIL_Kryptik.GOL.gen!Eldorado
Kingsoft: malware.kb.c.964
Microsoft: Trojan:Win32/Sonbokli.A!cl
ZoneAlarm: UDS:Trojan-PSW.MSIL.Agensla.gen
Cylance: unsafe
Rising: Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:zi5IkfvSae8yp+3/5iN3/g)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.AKGE!tr
BitDefenderTheta: Gen:NN.ZemsilF.36804.om0@aGU@wU
AVG: Win32:DropperX-gen [Drp]
DeepInstinct: MALICIOUS

How to remove MSIL/TrojanDownloader.Agent_AGen.BHA?

MSIL/TrojanDownloader.Agent_AGen.BHA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
