What is “MSIL/TrojanDropper.Agent.BVT”?

MSIL/TrojanDropper.Agent.BVT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Agent.BVT virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the NjRATGolden malware family
  • Creates known Njrat/Bladabindi RAT registry keys
  • Yara detections observed in process dumps, payloads or dropped files

How to identify MSIL/TrojanDropper.Agent.BVT?


File Info:

name: C1B9C8B078D4DE5763A3.mlw
path: /opt/CAPEv2/storage/binaries/1559048fe01da6e2c6780aa8a3c40b64c38a236ae4b6528bc46b6191f1200660
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-07-21 17:56:27

Version Info:

Translation: 0x0000 0x04b0
Comments: Software
CompanyName: Software Company
FileDescription: Software
FileVersion: 1.0.0.0
InternalName: Software.exe
LegalCopyright: Copyright © Software 2015
OriginalFilename: Software.exe
ProductName: Software
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDropper.Agent.BVT also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Generic.mDc5
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader21.32958
MicroWorld-eScan: Gen:Variant.MSILPerseus.1267
FireEye: Generic.mg.c1b9c8b078d4de57
ALYac: Gen:Variant.MSILPerseus.1267
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Dropper.Agent.Win32.575494
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
BitDefenderTheta: Gen:NN.ZemsilF.36804.Tq3@aeaubEb
VirIT: Trojan.Win32.MSIL8.BCRI
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.BVT
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: TrojanDropper:MSIL/Redwer.902865b8
NANO-Antivirus: Trojan.Win32.Agent.dzssyg
ViRobot: Trojan.Win32.Z.Blocker.738846
Sophos: Troj/MSIL-EPJ
F-Secure: Packed:W32/DonutCrypt.A
VIPRE: Gen:Variant.MSILPerseus.1267
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.MSILPerseus.1267 (B)
Ikarus: Trojan.MSIL.Crypt
Jiangmin: Trojan/Generic.biili
Avira: TR/Skeeyah.dkle
Antiy-AVL: Trojan[Ransom]/Win32.Blocker
Kingsoft: Win32.Trojan.Generic.a
Arcabit: Trojan.MSILPerseus.D4F3
ZoneAlarm: HEUR:Trojan.Win32.Generic
Google: Detected
AhnLab-V3: Trojan/Win32.Dynamer.R160304
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DB624
Tencent: Malware.Win32.Gencirc.14001448
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Agent.LF!tr
DeepInstinct: MALICIOUS
alibabacloud: Trojan[dropper]:MSIL/Mint.Porcupine

How to remove MSIL/TrojanDropper.Agent.BVT?

MSIL/TrojanDropper.Agent.BVT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
