MSIL/TrojanDropper.Agent.ESC removal

MSIL/TrojanDropper.Agent.ESC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/TrojanDropper.Agent.ESC virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • A HTTP/S link was seen in a script or command line
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Attempts to modify desktop wallpaper
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • A script process created a new process
  • Attempts to modify browser security settings
  • Attempts to execute suspicious powershell command arguments

How to identify MSIL/TrojanDropper.Agent.ESC?

File Info:

name: 8348673C3EDCD8F3E909.mlw
path: /opt/CAPEv2/storage/binaries/9b6e2698188db18a7ff925d6aea1faa0832e37560fa8a7cbf342715f8daaedaf
crc32: 01F136FC
md5: 8348673c3edcd8f3e909e07e37e0c032
sha1: 5dea8f7133da154b7dd30d1d56ca1ebd88b7724e
sha256: 9b6e2698188db18a7ff925d6aea1faa0832e37560fa8a7cbf342715f8daaedaf
sha512: 60315a2fe0ee01dad1ea7b251e7bbda490de82e7ee56cb9973834b086a07d7f10c4dc91e9f2e0abb43d15c0b505d2151c0889e04a611a6eb0d4689794a2725ff
ssdeep: 49152:7a/KPtarzp3MFzvgd3aH09UJqOlNN26WICSRCYT11kVTdt0BihL67Sy5BpNTVcHz:7xMrzp3MqdazqgO6CekVnH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12446C642A2E944A4F1B32B75AD3629710A777D115E38C88FA98CBC1D1BF3681D530B6F
sha3_384: 6b620543bbfbb87813d866568cbb6f325437921c9da9cb66f144a42e121d2cb412212952b330884546f1fd3874168153
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-04-19 04:07:56

Version Info:

Translation: 0x0000 0x04b0
FileDescription: setup installer
FileVersion: 1.0.0.0
InternalName: setup installer.exe
LegalCopyright: Copyright © 2020
OriginalFilename: setup installer.exe
ProductName: setup installer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/TrojanDropper.Agent.ESC also known as:

  • DrWeb: Trojan.DownLoader33.49628
  • MicroWorld-eScan: Trojan.GenericKD.50472639
  • FireEye: Generic.mg.8348673c3edcd8f3
  • McAfee: Artemis!8348673C3EDC
  • Sangfor: Trojan.MSIL.FrauDrop.gen
  • K7AntiVirus: Trojan ( 005947701 )
  • Alibaba: TrojanDropper:MSIL/FrauDrop.8b754bfb
  • K7GW: Trojan ( 005947701 )
  • Cybereason: malicious.133da1
  • BitDefenderTheta: Gen:NN.ZemsilCO.34742.@p0@amuYeUi
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.ESC
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CFI22
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan-Dropper.MSIL.FrauDrop.gen
  • BitDefender: Trojan.GenericKD.50472639
  • Avast: Win32:DropperX-gen [Drp]
  • Tencent: Msil.Trojan-dropper.Agent.Dyge
  • Ad-Aware: Trojan.GenericKD.50472639
  • Emsisoft: Trojan.GenericKD.50472639 (B)
  • McAfee-GW-Edition: Artemis!Trojan
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI – Malicious PE
  • Avira: VBS/Dldr.Agent.VPIT
  • MAX: malware (ai score=86)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Trojan.GenericKD.50472639
  • Cynet: Malicious (score: 99)
  • ALYac: Trojan.GenericKD.50472639
  • APEX: Malicious
  • Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:rqRASXevgJpKs3EcTT9RfA)
  • Fortinet: PossibleThreat
  • AVG: Win32:DropperX-gen [Drp]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDropper.Agent.ESC?

MSIL/TrojanDropper.Agent.ESC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.