MSIL/TrojanDropper.Agent.DHL (file analysis)

MSIL/TrojanDropper.Agent.DHL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Agent.DHL virus do?

  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify MSIL/TrojanDropper.Agent.DHL?


File Info:

name: 7C7CAFB221A5B47624B3.mlw
path: /opt/CAPEv2/storage/binaries/14cac26e48f2d8d99323f059803a43002368069597c9b53b8cd4c4b5fd7eca74
type: PE32 executable (console) Intel 80386, for MS Windows
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-09-19 22:49:02

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: z.exe
LegalCopyright:
OriginalFilename: z.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/TrojanDropper.Agent.DHL is also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader10.26318
MicroWorld-eScan: Gen:Heur.MSIL.Krypt.12
FireEye: Generic.mg.7c7cafb221a5b476
McAfee: Artemis!7C7CAFB221A5
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.221a5b
BitDefenderTheta: AI:Packer.E46A359F1F
Cyren: W32/Trojan.LNUU-6979
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.DHL
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.MSIL.Krypt.12
NANO-Antivirus: Trojan.Win32.Zapchast.cibcpt
Avast: Win32:Malware-gen
Rising: Malware.Obfus/MSIL@AI.90 (RDM.MSIL:3LTiuGv4B1ngKLVSQ8XKnA)
Emsisoft: Gen:Heur.MSIL.Krypt.12 (B)
Comodo: Malware@#3tz39uugjuq4y
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.ct
Sophos: Mal/Generic-S + Troj/DotNet-M
Ikarus: VirTool.MSIL
Avira: HEUR/AGEN.1221840
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.4B1079
Kingsoft: Win32.Troj.Zapchast.ak.(kcloud)
Microsoft: Backdoor:MSIL/Bladabindi.B
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Heur.MSIL.Krypt.12
Cynet: Malicious (score: 99)
VBA32: Trojan.MSIL.Zapchast
ALYac: Gen:Heur.MSIL.Krypt.12
APEX: Malicious
Yandex: Trojan.Zapchast!q8oGciHEVxw
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Zapchast.AKYM!tr
AVG: Win32:Malware-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDropper.Agent.DHL?

MSIL/TrojanDropper.Agent.DHL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
