What is “VHO:Downloader.MSIL.DownloadSponsor”?

The VHO:Downloader.MSIL.DownloadSponsor is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the VHO:Downloader.MSIL.DownloadSponsor virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Binary file triggered YARA rule
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify VHO:Downloader.MSIL.DownloadSponsor?

File Info:

name: 0A1C885E797B67577E70.mlw
path: /opt/CAPEv2/storage/binaries/e2aad87cb94a029717215450fb90cad4dd039fe783632f3f8f437267dc2ea622
crc32: 9FA4E435
md5: 0a1c885e797b67577e70a99902fcd4c9
sha1: ff00750a5fffc63e7687e001cab66289a11725ad
sha256: e2aad87cb94a029717215450fb90cad4dd039fe783632f3f8f437267dc2ea622
sha512: b99534af3ae05f916a6885881d1700ac9db12a9f4ab79d4b4329c23afe8ff68cb8dae3e89e1ebb7308f8641aae85d1255e2673e10c017aef1fa540263d5b4343
ssdeep: 24576:ftb20pkaCqT5TBWgNjVY70VIN6zPJ9TtmFVTCNhXfwywjzsVTCXXXfV1ozRJ9Tta:cVg5tjVY7Ut5QywE5Mtyw25Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16A959D2167E98354E2BE877659B056005BF6BC12C666F35E3EEC24FD3F32350865A223
sha3_384: 1bda60615e6b8315e55aa7ff915693b13365a5128eb3bb8111d45702a404815de99bf9e2bff7093f8a7cfe0e94d6c6b5
ep_bytes: e86ace0000e97ffeffffcccc57568b74
timestamp: 2019-01-24 14:23:00

Version Info:

FileVersion: 2.9.9.7
Comments: CHIP Secured Installer
FileDescription: CHIP Secured Installer
ProductVersion: 2.9.9.7
LegalCopyright: Copyright © 2019 Chip Digital GmbH
CompanyName: CHIP Digital GmbH
InternalName: CHIP Secured Installer
ProductName: CHIP Secured Installer
OriginalFilename: CHIP Secured Installer
Translation: 0x0407 0x04b0

VHO:Downloader.MSIL.DownloadSponsor also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
ClamAV: Win.Dropper.Miner-7086571-0
CAT-QuickHeal: Downloader.AutoIT.Agent.A
Skyhigh: BehavesLike.Win32.DLSponsor.th
McAfee: DLSponsor!au3
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Virus.Win32.Save.a
Symantec: PUA.DownloadSponsor
tehtris: Generic.Malware
ESET-NOD32: Win32/DownloadSponsor.C potentially unwanted
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:VHO:Downloader.MSIL.DownloadSponsor.gen
NANO-Antivirus: Trojan.Win32.DownloadSponsor.fmodcn
Emsisoft: Application.AdLoad (A)
DrWeb: Adware.Covus.33
TrendMicro: PUA.MSIL.DownloadSponsor.SMDR
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.0a1c885e797b6757
Sophos: Generic ML PUA (PUA)
Ikarus: PUA.DownloadSponsor
Jiangmin: Downloader.MSIL.odh
Webroot: W32.Adware.Gen
Google: Detected
Antiy-AVL: GrayWare[AdWare]/Win32.DownloadSponsor.c
Kingsoft: malware.kb.a.974
Microsoft: Program:Win32/Wacapew.C!ml
ZoneAlarm: not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
Varist: W32/DownloadSponsor.B.gen!Eldorado
Cylance: unsafe
TrendMicro-HouseCall: PUA.MSIL.DownloadSponsor.SMDR
Rising: Adware.DownloadSponsor!1.BE33 (CLASSIC)
Yandex: PUA.Downloader!yvZmm7Bk2vM
SentinelOne: Static AI – Suspicious PE
MaxSecure: Downloader.Agent.efha
Fortinet: Riskware/DownloadSponsor
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (W)

How to remove VHO:Downloader.MSIL.DownloadSponsor?

VHO:Downloader.MSIL.DownloadSponsor removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.