TrojanDownloader:MSIL/Nanocrypt!MTB information

The TrojanDownloader:MSIL/Nanocrypt!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader:MSIL/Nanocrypt!MTB virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine TrojanDownloader:MSIL/Nanocrypt!MTB?


File Info:
name: 056D028FE83B55494921.mlw
path: /opt/CAPEv2/storage/binaries/d3e25cf3028b6f686b12af17a6b99e387528a4110fe7b41f48c44f560d98586c
crc32: 858B81D5
md5: 056d028fe83b554949216135ff9a1100
sha1: 493f8640960f04c303f58d8e0ffd45d1e1715aea
sha256: d3e25cf3028b6f686b12af17a6b99e387528a4110fe7b41f48c44f560d98586c
sha512: 0639ab26cc281234377fe663e7d028c11101359c29f30d7fd471f7dc5cb9e77008ab3212da4bc72b71053fc526e478a6c7a394a5ce48bbfcb31cb84de366100b
ssdeep: 768:tKDNuzkMbRl09r1cJITSMHkefxsbWqlybFb+t1F/xhL2GLU:tIYotjEeZsb3QbFb+PFrXU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE33080137A74712C64C55B681E3053913F6E3872A73D78A3D98968E0F537DA9E8AF88
sha3_384: adb22ca8769be036b04ab196af690bef397bacfd16b4ebdecb6b80a406c0a21fd101ce15b54d60ae78ee0a42c21b212e
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-11-18 22:01:32

Version Info:
Translation: 0x0000 0x04b0
FileDescription: testt
FileVersion: 1.0.0.0
InternalName: test.exe
LegalCopyright: Copyright ©  2020
OriginalFilename: test.exe
ProductName: aatest
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

TrojanDownloader:MSIL/Nanocrypt!MTB also known as:

Lionic	Trojan.Win32.Malicious.4!c
MicroWorld-eScan	Gen:Variant.Razy.836816
FireEye	Generic.mg.056d028fe83b5549
McAfee	Artemis!056D028FE83B
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.MSIL.Nanocrypt.MTB
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanDownloader:MSIL/Nanocrypt.518878d9
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.fe83b5
Cyren	W32/MSIL_Kryptik.DEB.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender	Gen:Variant.Razy.836816
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Razy.836816
Sophos	ML/PE-A
BitDefenderTheta	Gen:NN.ZemsilF.34212.dm0@aeGFACk
Zillya	Backdoor.Bladabindi.Win32.22313
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Razy.836816 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Razy.836816
Avira	HEUR/AGEN.1235844
MAX	malware (ai score=86)
ZoneAlarm	HEUR:Backdoor.MSIL.Bladabindi.gen
Microsoft	TrojanDownloader:MSIL/Nanocrypt!MTB
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Razy.836816
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:6i4RPBS57FCUFikMJU4O8Q)
Ikarus	Trojan-Downloader.MSIL.Nanocrypt
MaxSecure	Trojan.Malware.73686729.susgen
Fortinet	W32/Bladabindi!tr.bdr
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

How to remove TrojanDownloader:MSIL/Nanocrypt!MTB?

TrojanDownloader:MSIL/Nanocrypt!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X