What is “Ransom:MSIL/Invader.MA!MTB”?

The Ransom:MSIL/Invader.MA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:MSIL/Invader.MA!MTB virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Ransom:MSIL/Invader.MA!MTB?


File Info:
name: D1B2DF3069830BD012E2.mlw
path: /opt/CAPEv2/storage/binaries/f8e70e6322e7267a664bacd61a273aa04fa4f54728c5d1fa72a06aab9b93a944
crc32: C3E8BA07
md5: d1b2df3069830bd012e2582fb1fa9a84
sha1: 8ca8df33ab67e7e6ab5e2493402ab12210d2585e
sha256: f8e70e6322e7267a664bacd61a273aa04fa4f54728c5d1fa72a06aab9b93a944
sha512: f4efa16e7623d2915d9a68fb7aa9207289ae925c529a20767d75aa2fae7e22cf88314fbe7bce42fddcdcde359f24fd772433188a2683d343da39ed02d211cae4
ssdeep: 6144:dD/PqIkmYatb4jOYIX9Tgjc1eL5z4WP3Yj:Wm/tiOYIG4w4mi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17B54BFBEB2D84E51C4480575C8A3C82812F7FE8E71B3E70D7D45234A5D623D29E97ACA
sha3_384: 344a256bf0e86f25f89cc096595eb88846da51cd00c0f90c3c3e2c9af009aa21a3d651f512155b7310ef66bf956b946f
ep_bytes: ff250020400000000000000000000000
timestamp: 2089-06-23 08:31:51

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: enemy.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: enemy.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ransom:MSIL/Invader.MA!MTB also known as:

Bkav	W32.Common.F6437A10
Lionic	Trojan.Win32.VisionN.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.68755086
FireEye	Trojan.GenericKD.68755086
CAT-QuickHeal	TrojanRansom.MSIL
ALYac	Trojan.Ransom.Filecoder
Cylance	unsafe
Zillya	Trojan.GenCBL.Win32.14406
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 0058f74c1 )
K7AntiVirus	Trojan ( 0058f74c1 )
Arcabit	Trojan.Generic.D4191E8E
VirIT	Trojan.Win32.GenusT.DPSW
Cyren	W32/ABRisk.GZZI-0200
Symantec	Trojan.Nvcertleak!g1
ESET-NOD32	a variant of MSIL/Filecoder.AZV
APEX	Malicious
Kaspersky	HEUR:Trojan-Ransom.MSIL.Encoder.gen
BitDefender	Trojan.GenericKD.68755086
Avast	Win32:RansomX-gen [Ransom]
Emsisoft	Trojan.GenericKD.68755086 (B)
DrWeb	Trojan.Encoder.37838
VIPRE	Trojan.GenericKD.68755086
TrendMicro	Ransom.MSIL.NIJINSAN.THHAFBC
McAfee-GW-Edition	Artemis!Trojan
Trapmine	suspicious.low.ml.score
Jiangmin	Trojan.MSIL.aopmt
Webroot	W32.Trojan.MSIL.Encoder
Antiy-AVL	Trojan/Win32.GenCBL
Microsoft	Ransom:MSIL/Invader.MA!MTB
ViRobot	Trojan.Win.Z.Agent.293944
ZoneAlarm	HEUR:Trojan-Ransom.MSIL.Encoder.gen
GData	Trojan.GenericKD.68755086
Google	Detected
AhnLab-V3	Ransomware/Win.NIJINSAN.C5472355
McAfee	Artemis!D1B2DF306983
MAX	malware (ai score=82)
Malwarebytes	Ransom.Filecoder.MSIL
Panda	Trj/RansomGen.A
TrendMicro-HouseCall	Ransom.MSIL.NIJINSAN.THHAFBC
Rising	Ransom.Encoder!8.FFD4 (CLOUD)
Ikarus	Trojan.Win32.Generic
Fortinet	MSIL/Filecoder.AZV!tr.ransom
AVG	Win32:RansomX-gen [Ransom]
Cybereason	malicious.3ab67e
DeepInstinct	MALICIOUS

How to remove Ransom:MSIL/Invader.MA!MTB?

Ransom:MSIL/Invader.MA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X