Trojan:MSIL/AgentTesla.AQD removal guide

Trojan:MSIL/AgentTesla.AQD is Microsoft's detection name for a .NET (MSIL) executable that other vendors classify as a Bladabindi backdoor or as a generic Kryptik-packed trojan. When the infection is active you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What Trojan:MSIL/AgentTesla.AQD virus can do?

The following are the CAPE sandbox signatures that fired on the sample. They are mostly static checks on the PE file rather than observed runtime behaviour, so they describe how the binary was built, not what it does once running:

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected (the compile timestamp in the PE header is 2100-08-04, a date in the future)

How to identify Trojan:MSIL/AgentTesla.AQD?

File Info:

name: EF45415959785C1714CB.mlw
path: /opt/CAPEv2/storage/binaries/cdc9f0de7a27065d879ae2e313083e9a0f637d2964fa9f616b26247e735be336
crc32: 5C89E24B
md5: ef45415959785c1714cb68d8929a6556
sha1: ec03f93356d25d4a218d4a564811e27e4b6d9d34
sha256: cdc9f0de7a27065d879ae2e313083e9a0f637d2964fa9f616b26247e735be336
sha512: a23af07fbff0862ad30a1ec6690cc474bff58139e53aa324310c414264cd5320091bfa8d996975f3d417c9f6643d53899ee7f29a696edb6f3efc12e006b1de2f
ssdeep: 12288:YSeQM/U057k21Roo/qq9dUfBGxwASgvdREOGBQoztrc5Tnu6:qr3oo/q8UJGegvdRvYKnu6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T180F4AEA470558A99FBAF93B121FCFFB022F330F3A5C8865686656184D7D8F850D806DE
sha3_384: 146753c111de87b7a64ee5cfeecc06ebca1f7e320652daf16ec97a2fd2a4c0e966912db3b6686ca4f3916be669530e6d
ep_bytes: ff250020400000000000000000000000
timestamp: 2100-08-04 14:06:53

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: FinalProject_2014356
FileVersion: 1.0.0.0
InternalName: HSrP.exe
LegalCopyright: Copyright © 2020
LegalTrademarks:
OriginalFilename: HSrP.exe
ProductName: FinalProject_2014356
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
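Added example, not code from the page or from GridinSoft: a pure-Python PE header triage that reproduces the checks a responder would run against the File Info above before trusting the CAPE verdicts. It compares a file's md5/sha256 with the hashes listed on the page, decodes the COFF compile timestamp (2100-08-04 is in the future, which is what the "timestomping" signature reacts to), checks whether a CLR data directory is present (the `type` line says only "Intel 80386 GUI executable", but the MSIL family name implies managed code), and reads the entry-point bytes (ff 25 00 20 40 00 is the jmp-through-IAT stub every x86 .NET executable starts with). The caveat it encodes: Roslyn deterministic builds store a content hash with the high bit set in TimeDateStamp, which always decodes to a date after 2038, so a future compile date on a managed PE is weak evidence of tampering on its own. The real file is not embedded; `build_sample_pe` constructs a minimal stand-in carrying the page's timestamp and entry bytes, so the hash check reports no match. The function names, verdict strings and the synthetic PE layout are this example's own choices.

```python
"""Static PE-header triage for a suspected .NET sample (added example, not page code)."""
import hashlib
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-empty only in managed PEs
# Hashes copied from the File Info section above, used as IOCs to match against.
PAGE_IOCS = {"md5": "ef45415959785c1714cb68d8929a6556",
             "sha256": "cdc9f0de7a27065d879ae2e313083e9a0f637d2964fa9f616b26247e735be336"}

def file_hashes(data: bytes) -> Dict[str, str]:
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def matches_iocs(data: bytes, iocs: Dict[str, str] = PAGE_IOCS) -> bool:
    """True if any hash of the file equals the corresponding IOC value."""
    h = file_hashes(data)
    return any(h.get(algo) == digest for algo, digest in iocs.items())

def parse_pe(data: bytes, now: Optional[datetime] = None) -> dict:
    """Header fields that matter for triage: COFF timestamp, CLR data directory
    (managed code or not) and the first bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsect, ts, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_off = opt + (96 if magic == 0x10B else 112)   # data directories: PE32 +96, PE32+ +112
    clr_rva, clr_size = struct.unpack_from("<II", data, dd_off + 8 * CLR_DIR_INDEX)
    # Translate the entry-point RVA to a file offset through the section table.
    ep_bytes = b""
    for i in range(nsect):
        _n, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= ep_rva < va + max(vsize, rawsize):
            off = ep_rva - va + rawptr
            ep_bytes = data[off:off + 16]
            break
    # FF 25 imm32 is "jmp dword ptr [imm32]": the stub an x86 .NET EXE starts with,
    # jumping through its import table into mscoree!_CorExeMain.
    is_stub = ep_bytes[:2] == b"\xff\x25" and len(ep_bytes) >= 6
    compiled = EPOCH + timedelta(seconds=ts)
    return {
        "timestamp": compiled,
        "timestamp_in_future": compiled > (now or datetime.now(timezone.utc)),
        "timestamp_high_bit": bool(ts & 0x80000000),
        "has_clr_header": clr_rva != 0 and clr_size != 0,
        "ep_bytes": ep_bytes,
        "ep_is_dotnet_stub": is_stub,
        "ep_jmp_target": struct.unpack_from("<I", ep_bytes, 2)[0] if is_stub else None,
    }

def timestamp_verdict(report: dict) -> str:
    """A future compile date is weak evidence for managed code: Roslyn deterministic
    builds put a content hash with the high bit set in TimeDateStamp, which always
    decodes to a date after 2038 and is not timestomping by the attacker."""
    if not report["timestamp_in_future"]:
        return "plausible"
    if report["has_clr_header"] and report["timestamp_high_bit"]:
        return "future: consistent with a deterministic .NET build, not proof of tampering"
    return "future: timestamp looks tampered"

def build_sample_pe(timestamp: int, ep_bytes: bytes, clr: bool = True) -> bytes:
    """Constructed minimal PE32 (not the real sample): one .text section at RVA
    0x1000 backed by file offset 0x200, with the entry point at its start."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2008, 72)   # CLR header RVA/size
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return header + ep_bytes.ljust(0x200, b"\0")

# Stand-in for the page's sample: its timestamp (2100-08-04 14:06:53) and its ep_bytes.
SAMPLE_TS = int((datetime(2100, 8, 4, 14, 6, 53, tzinfo=timezone.utc) - EPOCH).total_seconds())
SAMPLE = build_sample_pe(SAMPLE_TS, bytes.fromhex("ff250020400000000000000000000000"))

if __name__ == "__main__":
    r = parse_pe(SAMPLE)
    print(r["timestamp"], timestamp_verdict(r), r["has_clr_header"], r["ep_bytes"][:6].hex(), matches_iocs(SAMPLE))
```

Run it against a real file with `parse_pe(open(path, "rb").read())` and `matches_iocs(...)`; the jmp target decoded from the page's entry bytes is 0x402000, i.e. an IAT slot just above the 0x400000 image base, which is the usual layout for a managed executable. A verdict of "plausible" plus a missing CLR header on a file claiming to be this sample is itself a mismatch worth noting.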

Trojan:MSIL/AgentTesla.AQD also known as:

Detection names other vendors assign to the same file. Only Microsoft labels it AgentTesla; Kaspersky, NANO-Antivirus, Tencent, Malwarebytes and Rising classify it as Bladabindi (njRAT), and most of the rest use generic Kryptik or GenericKD packer names, so treat the family attribution as uncertain until the unpacked payload has been examined.

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.63579717
FireEye: Generic.mg.ef45415959785c17
CAT-QuickHeal: Trojan.FormBook
ALYac: Trojan.GenericKD.63579717
Cylance: Unsafe
VIPRE: Trojan.GenericKD.63579717
Sangfor: Phishing.Win32.Save.DotNet
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Kryptik.ali2000016
K7GW: Trojan ( 00574c1b1 )
K7AntiVirus: Trojan ( 00574c1b1 )
Cyren: W32/MSIL_Agent.EHZ.gen!Eldorado
Symantec: Scr.Malcode!gdn30
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Kryptik.ZBF
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: Trojan.GenericKD.63579717
NANO-Antivirus: Trojan.Win32.Bladabindi.jtiitw
Avast: Win32:RATX-gen [Trj]
Tencent: Msil.Backdoor.Bladabindi.Mcnw
Ad-Aware: Trojan.GenericKD.63579717
Sophos: Mal/Generic-S + Troj/Krypt-SP
DrWeb: Trojan.Siggen19.6018
Zillya: Trojan.Kryptik.Win32.3953695
TrendMicro: TROJ_GEN.R06CC0DKD22
McAfee-GW-Edition: RDN/Generic BackDoor
Emsisoft: Trojan.GenericKD.63579717 (B)
Ikarus: Trojan.MSIL.Inject
GData: Trojan.GenericKD.63579717
Avira: HEUR/AGEN.1249295
MAX: malware (ai score=86)
Antiy-AVL: Trojan/MSIL.Kryptik
Arcabit: Trojan.Generic.D3CA2645
Microsoft: Trojan:MSIL/AgentTesla.AQD
Google: Detected
AhnLab-V3: Trojan/Win.RATX-gen.C5303810
McAfee: Artemis!EF4541595978
Malwarebytes: Bladabindi.Backdoor.Bot.DDS
TrendMicro-HouseCall: TROJ_GEN.R06CC0DKD22
Rising: Backdoor.Bladabindi!8.B1F (CLOUD)
Yandex: Trojan.Igent.bY3KRa.3
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.AGZO!tr
AVG: Win32:RATX-gen [Trj]
Cybereason: malicious.356d25
Panda: Trj/GdSda.A

How to remove Trojan:MSIL/AgentTesla.AQD?

Trojan:MSIL/AgentTesla.AQD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.