MSIL/TrojanDropper.Agent.DKU information

MSIL/TrojanDropper.Agent.DKU is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Agent.DKU virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify MSIL/TrojanDropper.Agent.DKU?


File Info:

name: 1855E9739B1C853D4521.mlw
path: /opt/CAPEv2/storage/binaries/caa5a727443dea2e2dedae942d8d3529343bad6e708a9b4639585059728faf19
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-10-02 10:33:05

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: vs_community_1242960565.16331149305.exe
LegalCopyright:
OriginalFilename: vs_community_1242960565.16331149305.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/TrojanDropper.Agent.DKU also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47095318
FireEye: Generic.mg.1855e9739b1c853d
McAfee: GenericRXQG-IP!1855E9739B1C
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005267341 )
Alibaba: Trojan:MSIL/GenMalicious.11bf48cf
K7GW: Trojan ( 005267341 )
Cybereason: malicious.3728c5
BitDefenderTheta: Gen:NN.ZemsilF.34182.4p0@auHjhff
Cyren: W32/MSIL_Troj.EL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.DKU
APEX: Malicious
Avast: MSIL:GenMalicious-EED [Trj]
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Multi.GenericML.xnet
BitDefender: Trojan.GenericKD.47095318
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R011C0WJ621
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
Emsisoft: Trojan.GenericKD.47095318 (B)
Paloalto: generic.ml
Avira: HEUR/AGEN.1120344
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: Backdoor:Win32/Bladabindi!ml
ZoneAlarm: UDS:Trojan.Multi.GenericML.xnet
GData: Trojan.GenericKD.47095318
ALYac: Trojan.GenericKD.47095318
MAX: malware (ai score=89)
Malwarebytes: Trojan.Crypt.MSIL
TrendMicro-HouseCall: TROJ_GEN.R011C0WJ621
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:1XHNKKlUuzaNcOidCqMIog)
Yandex: Trojan.DR.Agent!q9dV7hw0e9g
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.DKU!tr
AVG: MSIL:GenMalicious-EED [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDropper.Agent.DKU?

MSIL/TrojanDropper.Agent.DKU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
