Should I remove “MSIL/TrojanDropper.Agent.EHN”?

MSIL/TrojanDropper.Agent.EHN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDropper.Agent.EHN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDropper.Agent.EHN?

File Info:

name: E14ED8B9E77AFD737C26.mlw
path: /opt/CAPEv2/storage/binaries/356b8bfa0773b4a025a04bad83126140046de48e951b5742df66336a6eab83e7
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2051-10-27 03:09:42

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Filosofia
FileVersion: 1.0.0.0
InternalName: Filosofia.exe
LegalCopyright: Copyright © 2019
LegalTrademarks:
OriginalFilename: Filosofia.exe
ProductName: Filosofia
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDropper.Agent.EHN also known as:

Lionic: Trojan.Win32.Malicious.4!c
DrWeb: Trojan.PWS.Siggen2.35304
FireEye: Generic.mg.e14ed8b9e77afd73
Cylance: Unsafe
Zillya: Dropper.Agent.Win32.406468
K7AntiVirus: Trojan ( 00556f3e1 )
Alibaba: Trojan:MSIL/Generic.d6248a2a
K7GW: Trojan ( 00556f3e1 )
Cybereason: malicious.9e77af
BitDefenderTheta: Gen:NN.ZemsilF.34062.mm0@aO58gs
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.EHN
TrendMicro-HouseCall: TROJ_GEN.R002H0CL821
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Ahek
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Paloalto: generic.ml
eGambit: Unsafe.AI_Score_97%
Avira: HEUR/AGEN.1141014
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.C3544600
McAfee: Artemis!E14ED8B9E77A
VBA32: Trojan.Downloader
Malwarebytes: Malware.AI.2360730119
APEX: Malicious
Yandex: Trojan.DR.Agent!Uh4NcvxI/Z8
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.EHN!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDropper.Agent.EHN?

MSIL/TrojanDropper.Agent.EHN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
