MSIL/Agent.PHK [Threat Name] go to Threat

MSIL/Agent.PHK [Threat Variant Name]

Category trojan
Size 407552 B
Detection created Jun 17, 2014
Detection database version 9959
Aliases Luhe.MSIL.D (AVG)
  Trojan.MSIL.BitMiner.xl (Kaspersky)
Short description

MSIL/Agent.PHK is a trojan used for delivery of unsolicited advertisements.


When executed the trojan drops in folder %appdata%\Chrome the following file:

  • %variable%.exe (203264 B, MSIL/Agent.PHK)

A string with variable content is used instead of %variable% .

The following Registry entries are created:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Chrome" = "%appdata%\­Chrome\­%variable%.exe"

This causes the trojan to be executed on every system start.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL address. The HTTP protocol is used.

It can show advertisements.

The trojan is able to update itself or execute an arbitrary file.

Trojan requires the .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.