MSIL/TrojanDropper.Agent.EDP removal guide

MSIL/TrojanDropper.Agent.EDP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Agent.EDP virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify MSIL/TrojanDropper.Agent.EDP?


File Info:

name: 927F4DCC90BBD6B88AA5.mlw
path: /opt/CAPEv2/storage/binaries/65c8e8b264589270ff07ed764a25e16316394447fde1a23147bf3224e0fbbb91
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-05-06 20:51:49

Version Info:

Translation: 0x0000 0x04b0
Comments: Plays media using mciSendString.
FileDescription: ApiVideo
FileVersion: 1.0.6670.3109
InternalName: ApiVideo.exe
LegalCopyright:
OriginalFilename: ApiVideo.exe
ProductName: ApiVideo
ProductVersion: 1.0.6670.3109
Assembly Version: 1.0.6670.3109

MSIL/TrojanDropper.Agent.EDP also known as:

Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.MulDropNET.18
MicroWorld-eScan: Trojan.GenericKD.36536756
FireEye: Trojan.GenericKD.36536756
ALYac: Trojan.GenericKD.36536756
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.54977
Sangfor: Trojan.Win32.Generic.ky
Alibaba: Trojan:MSIL/Generic.9d3d0e32
Cybereason: malicious.c90bbd
BitDefenderTheta: Gen:NN.ZemsilCO.34084.jm0@a8a25Hm
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.EDP
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKD.36536756
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.36536756
Sophos: Mal/Generic-S
Comodo: Malware@#3gjhe99qtq9hk
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis
Emsisoft: Trojan.GenericKD.36536756 (B)
SentinelOne: Static AI – Suspicious PE
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.2602425
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Trojan.GenericKD.36536756
McAfee: Artemis!927F4DCC90BB
VBA32: TScope.Trojan.MSIL
APEX: Malicious
Tencent: Win32.Trojan.Generic.Hryt
Yandex: Trojan.Agent!DMVz/Oz2po8
Ikarus: Trojan.SuspectCRC
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove MSIL/TrojanDropper.Agent.EDP?

MSIL/TrojanDropper.Agent.EDP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
