MSIL:Agent-TA [Trj] malicious file

MSIL:Agent-TA [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL:Agent-TA [Trj] virus do?

  • Performs HTTP requests potentially not found in PCAP
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify MSIL:Agent-TA [Trj]?


File Info:

name: 62369CE34FCA61F426E8.mlw
path: /opt/CAPEv2/storage/binaries/775dd6471c74c5c627d572d9330b4e9c9388dd265bc7fc4ea468ac9766143c83
crc32: 8D7C26B3
md5: 62369ce34fca61f426e866773fdb0a7e
sha1: ed5888301e6b4981af3cd81b29254ef1834c5bc0
sha256: 775dd6471c74c5c627d572d9330b4e9c9388dd265bc7fc4ea468ac9766143c83
sha512: 9d06421dbbc919af87c0a76c9f3c2b210ac396eab3fa523ef59916e879badd1fb25ecf5da8e060d3dd4e8e9ccad3c4d9068dd355fa67e64f4473556f965760ea
ssdeep: 3072:GFDvvzQAIaTcrIbID1qqRtQzO7OSxFDvvzQAIaTcrIbID1qi:ED3zApD1sCDD3zApD1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17225B70CA7608437D420B6FDD85282B8A936FDE3A906426724347F6BE5B1E113DEFD25
sha3_384: 3e1f0ba9597b5ee2f4baa1d0fd2a60edb671770f4d14fe89f671433e7970edefce88ac6ad356a496cd90a78f36da4e81
ep_bytes: ff250020400000000000000000000000
timestamp: 2010-07-30 14:40:36

Version Info:

CompanyName: Ali
FileDescription: X-A@DaHaYa.CoM
FileVersion: 1.0.0.0
InternalName: LoVer hEx.exe
LegalCopyright: Copyright © user 2010
OriginalFilename: LoVer hEx.exe
ProductName: LoVer hEx
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
Translation: 0x0000 0x04b0

MSIL:Agent-TA [Trj] also known as:

Bkav: W32.Common.2CC0AA38
Lionic: Trojan.Win32.Presenoker.4!c
Skyhigh: Artemis!Trojan
McAfee: Artemis!62369CE34FCA
Sangfor: PUP.Win32.Presenoker.V61d
APEX: Malicious
Avast: MSIL:Agent-TA [Trj]
Antiy-AVL: GrayWare/Win32.Presenoker
Kingsoft: malware.kb.c.831
Xcitium: Malware@#3gtaohmclhl76
Microsoft: PUA:Win32/Presenoker
Cylance: unsafe
Rising: PUA.Presenoker!8.F608 (CLOUD)
MaxSecure: Trojan.Malware.74251538.susgen
AVG: MSIL:Agent-TA [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (D)

How to remove MSIL:Agent-TA [Trj]?

MSIL:Agent-TA [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.