What is “HackTool:MSIL/SmbAgent!atmn”?

The HackTool:MSIL/SmbAgent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:MSIL/SmbAgent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine HackTool:MSIL/SmbAgent!atmn?


File Info:
name: 17F8F41EF3B430CAADF1.mlw
path: /opt/CAPEv2/storage/binaries/076f572be90fc373426868f3bd11dfc89d28798c21a424db7c6edcca2dde39ce
crc32: 55206C65
md5: 17f8f41ef3b430caadf16026caa09155
sha1: 15e7462f546be170e438151057d21f3a48abd3f8
sha256: 076f572be90fc373426868f3bd11dfc89d28798c21a424db7c6edcca2dde39ce
sha512: dff7df7414319060aaec9fc9ad6dd6467e6dedfacbce165ddb0ce6b8a6f75ae9228c0825d8debeb7862dbe7bd4122d6d1203a217a439dbb6120c839029292877
ssdeep: 96:ZH+lj9YDhx/cHyTqc8AUbCC+Arz88stOOBOJob5w9YkFK:ZHQYb/ZuF2A88sqCka
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T150D1D58ABBD40E57E83A07746D73932A5B74F9429EA35B9F082012302E51B901F71BF0
sha3_384: 4991bfc529c8275198d5242690083a736155b81835c3408e85fe72329ad5a42eecfac40c3496a3a7983fbb6a938a5e24
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-02-21 14:11:42

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: l2rcjcs0.dll
LegalCopyright:  
OriginalFilename: l2rcjcs0.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

HackTool:MSIL/SmbAgent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Malware.WX.AB15848E
ClamAV	Win.Malware.Smbagent-9769162-0
CAT-QuickHeal	Trojan.GenericFC.S2479216
Skyhigh	BehavesLike.Win32.Agent.xt
McAfee	Agent-SMB.b!17F8F41EF3B4
Malwarebytes	Trojan.Crypt
VIPRE	Generic.Malware.WX.AB15848E
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/grayware_confidence_100% (W)
K7GW	Trojan ( 005962b21 )
K7AntiVirus	Trojan ( 005962b21 )
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/HackTool.Agent.BW potentially unsafe
APEX	Malicious
Kaspersky	HEUR:HackTool.MSIL.SMBScan.gen
BitDefender	Generic.Malware.WX.AB15848E
NANO-Antivirus	Trojan.Win32.Ric.ezglxv
Avast	Win32:HacktoolX-gen [Trj]
Tencent	HackTool.MSIL.SmbScan.ha
Emsisoft	Generic.Malware.WX.AB15848E (B)
DrWeb	Trojan.Siggen7.34567
FireEye	Generic.mg.17f8f41ef3b430ca
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	MSIL.Riskware.SMBScanner.A
Google	Detected
MAX	malware (ai score=89)
Antiy-AVL	HackTool/Win32.Agent.a
Kingsoft	malware.kb.c.997
Xcitium	TrojWare.MSIL.HackTool.Agent.ASD@8sg90t
Arcabit	Generic.Malware.WX.ABD3DE8E
ZoneAlarm	HEUR:HackTool.MSIL.SMBScan.gen
Microsoft	HackTool:MSIL/SmbAgent!atmn
Varist	W32/Hacktool.J.gen!Eldorado
AhnLab-V3	Unwanted/Win32.HackTool.R261573
ALYac	Generic.Malware.WX.AB15848E
Panda	Trj/GdSda.A
Ikarus	HackTool.MSIL.SMBScan
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove HackTool:MSIL/SmbAgent!atmn?

HackTool:MSIL/SmbAgent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X