Categories: Trojan

About “Trojan.Agent.VSH” infection

The Trojan.Agent.VSH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Agent.VSH virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
A process created a hidden window
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
Spoofs its process name and/or associated pathname to appear as a legitimate process
Detects Bochs through the presence of a registry key

How to determine Trojan.Agent.VSH?


File Info:
name: 63EAE056F8B59540858B.mlwpath: /opt/CAPEv2/storage/binaries/f220ae80c842fe14e273aacff0e7918d55eabeee832871c48ddcfd7314bc0dadcrc32: E9B39374md5: 63eae056f8b59540858bb2153e2e7c68sha1: 17b5e3d1e5154ede09e62ccf4bb5f1861d57e845sha256: f220ae80c842fe14e273aacff0e7918d55eabeee832871c48ddcfd7314bc0dadsha512: 9dad6efbb6d1f54f11ebda194fc52b82684a831aa714a604b7aa6034e05d356553d0b604a6d3c6709c8e1ffbdd94748622ce467de0b788d66e6329968e0cad30ssdeep: 12288:2hEGlbRvADcfKGYaRK4vkyhMtOQccm3AMWZtXsp8se8caCM7CsFbNBwgHv/XluH6:2hE6LetV2COpHluEnGgc2xVOwtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D2859DA6D2D8C249C541707C5E26B80E63F977FA91C6F482DE378A073D15BE8D82D0E6sha3_384: 72534583014e8997ccdd4fb4c51873a08506cd707b97939dc745e275196604a4c920e9c4b4db5e313f1f15c0e75c3f91ep_bytes: ff250020400000000000000000000000timestamp: 2015-03-23 08:18:21
Version Info:
FileDescription: Lights StandaloneTranslation: 0x0000 0x04b0

Trojan.Agent.VSH also known as:

Lionic	Trojan.Win32.Heye.i!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen1.29435
MicroWorld-eScan	IL:Trojan.MSILZilla.7441
FireEye	Generic.mg.63eae056f8b59540
McAfee	Artemis!63EAE056F8B5
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
K7GW	Trojan ( 00587d311 )
K7AntiVirus	Trojan ( 00587d311 )
BitDefenderTheta	Gen:NN.ZemsilF.34182.Vn1@a8yZ9rd
Symantec	W32.Golroted
ESET-NOD32	a variant of MSIL/Injector.IRY
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.7441
NANO-Antivirus	Trojan.Win32.Heye.dptrpt
Avast	MSIL:GenMalicious-ESW [Trj]
Ad-Aware	IL:Trojan.MSILZilla.7441
Emsisoft	IL:Trojan.MSILZilla.7441 (B)
F-Secure	Heuristic.HEUR/AGEN.1124747
McAfee-GW-Edition	Artemis!Trojan
Sophos	ML/PE-A + Mal/Generic-L
Ikarus	Trojan.MSIL.Injector
GData	IL:Trojan.MSILZilla.7441
Webroot	Trojan.Dropper.Gen
Avira	HEUR/AGEN.1124747
Antiy-AVL	Trojan[PSW]/Win32.Heye
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	VirTool:MSIL/Obfuscator.AX
AhnLab-V3	Trojan/Win32.ZBot.R139159
ALYac	IL:Trojan.MSILZilla.7441
MAX	malware (ai score=80)
Malwarebytes	Trojan.Agent.VSH
APEX	Malicious
Tencent	Win32.Trojan-qqpass.Qqrob.Wqdm
Yandex	Trojan.PWS.Heye!FC7orZhdhCc
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/Injector.IYP!tr
AVG	MSIL:GenMalicious-ESW [Trj]
Cybereason	malicious.6f8b59
Panda	Trj/CI.A