What is “Trojan-PSW.MSIL.Agensla.vnb”?

Many security experts consider Trojan-PSW.MSIL.Agensla.vnb dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-PSW.MSIL.Agensla.vnb virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the AgentTeslaV3 malware family

How to identify Trojan-PSW.MSIL.Agensla.vnb?


File Info:

name: 516158D28A482D9BAA7E.mlw
path: /opt/CAPEv2/storage/binaries/569c173e2cd8e827e91ed856dbd5bceb0be774e4746126548fd3bebfa8f442f6
crc32: F9A3723F
md5: 516158d28a482d9baa7e659cb284e174
sha1: 947506f6f3e24f27cf48194bdb1d9e4f4bf55fbe
sha256: 569c173e2cd8e827e91ed856dbd5bceb0be774e4746126548fd3bebfa8f442f6
sha512: d99002fe1c6a3bb9b6e4484b4243ade529fb7f786b99f0625c96de56347cb590fd3a1b49a88e2c7ca8c2152eaa7cd78ae24e062b1e4a3a49d207b7f143ac3fa8
ssdeep: 24576:6wGy9wjIEIDmFlpFFyEj1WELJxQEnyW6PaYTWJiBzh/n0+LJ+M:64gIEIDmpFFHXQEy/iYzBdf0f
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1C035234267E80176E0FE97B0A9F302035B727DE0573A97CF2B46909D0E63791BA35392
sha3_384: 72716f50ce0ffbc35c96a1af7d140db6b84e7669c1d317ed2ff4597f9bb2bcad9be86919cd2c2766e273be3ebb6fe4bb
ep_bytes: 4883ec28e84b0700004883c428e90600
timestamp: 2016-07-16 02:26:56

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.14393.0 (rs1_release.160715-1616)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.14393.0
Translation: 0x0409 0x04b0

Trojan-PSW.MSIL.Agensla.vnb also known as:

Lionic: Trojan.MSIL.Agensla.i!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.411
MicroWorld-eScan: Trojan.GenericKD.47587325
FireEye: Generic.mg.516158d28a482d9b
CAT-QuickHeal: TrojanPWS.Stealer
ALYac: Trojan.GenericKD.47587325
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058afa01 )
Alibaba: TrojanPSW:Win32/Injector.c7c4ab56
K7GW: Trojan ( 0058afa01 )
Cybereason: malicious.6f3e24
Cyren: W32/Injector.AQQ.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.EQSH
TrendMicro-HouseCall: TrojanSpy.Win32.AGENSLA.USMANL721
Paloalto: generic.ml
Kaspersky: Trojan-PSW.MSIL.Agensla.vnb
BitDefender: Trojan.GenericKD.47587325
Avast: Win32:InjectorX-gen [Trj]
Tencent: Msil.Trojan-qqpass.Qqrob.Stkb
Ad-Aware: Trojan.GenericKD.47587325
Emsisoft: Trojan.GenericKD.47587325 (B)
TrendMicro: TrojanSpy.Win32.AGENSLA.USMANL721
McAfee-GW-Edition: BehavesLike.Win64.Dropper.tc
Sophos: Mal/Generic-S
GData: MSIL.Trojan-Stealer.AgentTesla.GWNAYF
Avira: HEUR/AGEN.1141486
Gridinsoft: Ransom.Win64.Sabsik.sa
Microsoft: Trojan:Win32/Injector.RPD!MTB
Cynet: Malicious (score: 99)
McAfee: Artemis!516158D28A48
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.4076396028
APEX: Malicious
Yandex: Trojan.Igent.bW1DnK.12
Fortinet: W32/Kryptik.AQQ!tr
AVG: Win32:InjectorX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan-PSW.MSIL.Agensla.vnb?

Trojan-PSW.MSIL.Agensla.vnb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
