About “MSIL/TrojanDropper.Agent.CGX” infection

The MSIL/TrojanDropper.Agent.CGX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/TrojanDropper.Agent.CGX virus can do?

Sample contains Overlay data
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/TrojanDropper.Agent.CGX?


File Info:
name: 89146AF2156707589192.mlw
path: /opt/CAPEv2/storage/binaries/a3c8e09514d16d230090e92494aa8d4bc8c98e9ef97f14ca983b1749b9ebb55a
crc32: AA6E2101
md5: 89146af21567075891923ad11abb9fe2
sha1: 0ad171678e5ed92a5bfe0c87201cd86f674b90b3
sha256: a3c8e09514d16d230090e92494aa8d4bc8c98e9ef97f14ca983b1749b9ebb55a
sha512: f701acdbf95a6ecfd116a0ef157960185260fd982b7d70aff1fc150c18e47a88a47b93e6648b9cb0911761be00bd1b558e1aa79901f8de35dd5563100e66814e
ssdeep: 6144:h9zJRjTUz61WjmvglgQJ/XX5GqSx1dErhgtetF:/PjO6aK42dAMetF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AD1412A34F5BC697C5D856F89C22FF30CE60EF08548673DB86D5D4814589C6B2AB22CB
sha3_384: 66763ecbe9ad1e4cfd4129feaa9d07a29ddb264ce2fc9afb06b8aa512e9e5e2c964f49f10bc58a510ec83d440ff9001e
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-12-20 20:11:03

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: crypt burhan.Exe
LegalCopyright:  
OriginalFilename: crypt burhan.Exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/TrojanDropper.Agent.CGX also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Generic.m48a
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.MSILKrypt.4
ClamAV	Win.Packed.Msilkrypt-9856795-0
FireEye	Generic.mg.89146af215670758
McAfee	GenericRXEH-KC!89146AF21567
Cylance	Unsafe
VIPRE	Gen:Variant.MSILKrypt.4
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.215670
VirIT	Trojan.Win32.MSIL5.BVQU
Symantec	SecurityRisk.Dropper
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.CGX
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.MSIL.Dnoper.gen
BitDefender	Gen:Variant.MSILKrypt.4
NANO-Antivirus	Trojan.Win32.Agent.dztznw
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan.Dnoper.Fflw
Ad-Aware	Gen:Variant.MSILKrypt.4
Emsisoft	Gen:Variant.MSILKrypt.4 (B)
Comodo	Malware@#1f736d82dq1j5
DrWeb	Trojan.MulDrop9.5084
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Trapmine	malicious.moderate.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.MSILKrypt.4
Avira	TR/Dropper.Gen
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Generic.ASMalwS.328B
Microsoft	PWS:Win32/Zbot!ZA
Google	Detected
AhnLab-V3	Trojan/Win32.Disfa.R126753
Acronis	suspicious
ALYac	Gen:Variant.MSILKrypt.4
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:jcWEx7DHyWaXQy1z9DTEqA)
Ikarus	Trojan-Dropper.MSIL.Agent
Fortinet	MSIL/Agent.CGX!tr
BitDefenderTheta	Gen:NN.ZemsilF.34646.mm3@aenXgym
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDropper.Agent.CGX?

MSIL/TrojanDropper.Agent.CGX removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X