HackTool:MSIL/SmbAgent!atmn malicious file

The HackTool:MSIL/SmbAgent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:MSIL/SmbAgent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine HackTool:MSIL/SmbAgent!atmn?


File Info:
name: E91282E3083B450DFA2C.mlw
path: /opt/CAPEv2/storage/binaries/e8f97c534042f3719b5d5439e4d3da70aaef1e9fb6db47f67538febe4955d943
crc32: 309FD894
md5: e91282e3083b450dfa2c986358fc2f7e
sha1: 3a33da9cfa57a8bb067b8992d69058ce610e4538
sha256: e8f97c534042f3719b5d5439e4d3da70aaef1e9fb6db47f67538febe4955d943
sha512: e9fa939c37726129d93a18fc59f5e2eb8f33943eb1988291da33138c63731b3200e262101568df84e2e548a7c34d8eaaab5ea8bac5038b91a38a65477c4d4678
ssdeep: 96:oH+lj9YDhx/cHyTqc8AUbCC+Arz88hK/jOBOJobGBw9Y58K:oHQYb/ZuF2A88hWhDBke
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T16ED1C74ABBD40E53E83A07746D73A32A5774F9429E939BAF092012342E51B901F62BF4
sha3_384: 56e6cf926bd1f78f93d7a591a51838bca2eed9bf1fa76ebff7dbac7ae6a8772de4a8a618f6c891d6e6695460f6a6a28f
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-11-17 03:30:29

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: ebetq36t.dll
LegalCopyright:  
OriginalFilename: ebetq36t.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

HackTool:MSIL/SmbAgent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
DrWeb	Trojan.Siggen7.34567
MicroWorld-eScan	Generic.Malware.WX.7FF12FEF
CAT-QuickHeal	Trojan.GenericFC.S2479216
Skyhigh	BehavesLike.Win32.Agent.xt
McAfee	Agent-SMB.b!E91282E3083B
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005962b21 )
K7GW	Trojan ( 005962b21 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Generic.Malware.WX.7FF12FEF
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/HackTool.Agent.BW potentially unsafe
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Malware.Smbagent-9769162-0
Kaspersky	HEUR:HackTool.MSIL.SMBScan.gen
BitDefender	Generic.Malware.WX.7FF12FEF
NANO-Antivirus	Trojan.Win32.Ric.ezglxv
Avast	Win32:HacktoolX-gen [Trj]
Tencent	HackTool.MSIL.SmbScan.ha
Emsisoft	Generic.Malware.WX.7FF12FEF (B)
VIPRE	Generic.Malware.WX.7FF12FEF
Sophos	Generic Reputation PUA (PUA)
Ikarus	HackTool.MSIL.SMBScan
Varist	W32/Hacktool.J.gen!Eldorado
Antiy-AVL	HackTool/Win32.Agent.a
Kingsoft	malware.kb.c.994
Xcitium	TrojWare.MSIL.HackTool.Agent.ASD@8sg90t
Microsoft	HackTool:MSIL/SmbAgent!atmn
ZoneAlarm	HEUR:HackTool.MSIL.SMBScan.gen
GData	MSIL.Riskware.SMBScanner.A
Google	Detected
AhnLab-V3	Unwanted/Win32.HackTool.R261573
Malwarebytes	Trojan.Crypt
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove HackTool:MSIL/SmbAgent!atmn?

HackTool:MSIL/SmbAgent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X