
TrojanDropper:Win32/Salgorea.AI!MTB removal tips


TrojanDropper:Win32/Salgorea.AI!MTB is flagged as malicious by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it can fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can TrojanDropper:Win32/Salgorea.AI!MTB do?

Behaviours reported by the CAPE sandbox run for this sample:

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify TrojanDropper:Win32/Salgorea.AI!MTB?

File Info:

name: 5DAE11325D2102F70991.mlw
path: /opt/CAPEv2/storage/binaries/3eb2c19bc830a446cd0ac1cc69e5c121b16bed97574cd1b8b5a2d85cdf543054
crc32: 7A2F8401
md5: 5dae11325d2102f709910dc8a12e9706
sha1: e6968460153fbe224f5eb67c1695b53cc6dd886a
sha256: 3eb2c19bc830a446cd0ac1cc69e5c121b16bed97574cd1b8b5a2d85cdf543054
sha512: 18b75a9c898f3a1485236f51cea152f662c75921d26d9a7bdcca0274da472ff515e7ad664f82859f9909d906ba377b85dfeee49e42c59a78a7b0779c2a0566f5
ssdeep: 12288:aO4rfItL8HRtlPnYAO3f/YN/5YKkmEBAe9F7K9wlsDpVFd:aO4rQtGRtBnYAO3fi/5YKkmEBZF+9wlM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C6A4F12A7682C133D19302745BA7DBA6B63E75B54366A4C337D4023E2F606E1D37A387
sha3_384: 2341605ae5ee1bc1f54800225f01f32c1b47986ccc94d1676b141ead4a4fc7a77676473ad7d9d69aff7c4b9f460e424b
ep_bytes: e8585f0000e989feffff8bff558bec5d
timestamp: 2009-06-11 07:26:20
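As an added example (not part of the original report, and not CAPE's own code), the Python below turns the two sections above into a triage check: it computes the digests listed under File Info for a file and compares them with the page's values, and it parses the PE header far enough to recover the entry-point bytes (ep_bytes), the compile timestamp and the size of any overlay, which is the "Sample contains Overlay data" behaviour from the list above. The one-section PE it builds for the demo is constructed inline so the script runs offline; it is not the real sample, so its hashes will not match the published ones.

```python
"""Triage helper: hash a file against the published IoCs and pull the PE
fields (entry-point bytes, compile timestamp, overlay) from the report."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hash IoCs copied from the page's File Info section.
IOC_HASHES = {
    "md5": "5dae11325d2102f709910dc8a12e9706",
    "sha1": "e6968460153fbe224f5eb67c1695b53cc6dd886a",
    "sha256": "3eb2c19bc830a446cd0ac1cc69e5c121b16bed97574cd1b8b5a2d85cdf543054",
}
# First 16 bytes at the entry point, as listed under ep_bytes.
IOC_EP_BYTES = bytes.fromhex("e8585f0000e989feffff8bff558bec5d")


def file_hashes(data: bytes) -> dict:
    """Digests in the same formatting the report uses (crc32 as upper-case hex)."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08X"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_ioc(data: bytes) -> bool:
    """True if any published digest matches; exact-hash matching only."""
    h = file_hashes(data)
    return any(h[name] == value for name, value in IOC_HASHES.items())


def pe_triage(data: bytes, n_ep_bytes: int = 16):
    """Minimal PE32 parse: entry-point bytes, compile timestamp, overlay size.
    Returns None when the data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header follows the signature: NumberOfSections at +6,
    # TimeDateStamp at +8, SizeOfOptionalHeader at +20 (offsets from e_lfanew).
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    stamp = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    # Optional header starts at +24; AddressOfEntryPoint is at its offset 16.
    aep = struct.unpack_from("<I", data, e_lfanew + 40)[0]
    sect_table = e_lfanew + 24 + size_opt
    end_of_sections, ep_file_off = 0, None
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<IIII", data, sect_table + i * 40 + 8)
        end_of_sections = max(end_of_sections, rawptr + rawsize)
        if vaddr <= aep < vaddr + max(vsize, rawsize):
            ep_file_off = aep - vaddr + rawptr   # RVA -> file offset
    ep = data[ep_file_off:ep_file_off + n_ep_bytes] if ep_file_off is not None else b""
    return {
        "ep_bytes": ep,
        "ep_matches_ioc": ep == IOC_EP_BYTES,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        # Bytes past the last section's raw data are overlay ("Sample contains Overlay data").
        "overlay_len": max(0, len(data) - end_of_sections),
    }


def build_sample_pe(ep_bytes: bytes, overlay: bytes, timestamp: int) -> bytes:
    """Constructed one-section PE32, used only so this script runs offline.
    It is NOT the real sample; its digests will not match IOC_HASHES."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)  # PE32, AEP = 0x1000
    opt += b"\0" * (224 - len(opt))
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sect
    headers += b"\0" * (0x200 - len(headers))
    text = ep_bytes + b"\0" * (0x200 - len(ep_bytes))
    return headers + text + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # real use: python triage.py <file>
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:                                      # demo on the constructed sample
        ts = int(datetime(2009, 6, 11, 7, 26, 20, tzinfo=timezone.utc).timestamp())
        blob = build_sample_pe(IOC_EP_BYTES, b"overlay payload (constructed)", ts)
    print("hashes:", file_hashes(blob))
    print("matches published hashes:", matches_ioc(blob))
    print("pe:", pe_triage(blob))
```

Exact digests only catch this one file; a repacked variant changes every hash while often keeping the same entry-point stub and overlay layout, which is why the PE fields are reported alongside the hashes. The ssdeep and tlsh values above need the respective fuzzy-hashing libraries and are not computed here.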

Version Info:

0: [No Data]

TrojanDropper:Win32/Salgorea.AI!MTB also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Dropped:Generic.Dacic.304514EE.A.BD62936A
  • CAT-QuickHeal: Trojan.Cuegoe.18812
  • Skyhigh: BehavesLike.Win32.Generic.gc
  • McAfee: GenericRXGZ-QS!5DAE11325D21
  • Malwarebytes: Wapomi.Virus.FileInfector.DDS
  • Zillya: Dropper.Agent.Win32.275184
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0043c2cb1 )
  • K7GW: Trojan ( 0043c2cb1 )
  • Cybereason: malicious.0153fb
  • Arcabit: Generic.Dacic.304514EE.A.BD62936A
  • Baidu: Win32.Trojan-Dropper.Agent.ab
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.QGO
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • ClamAV: Win.Packed.Lazy-10001745-0
  • Kaspersky: VHO:Backdoor.Win32.Convagent.gen
  • BitDefender: Dropped:Generic.Dacic.304514EE.A.BD62936A
  • NANO-Antivirus: Trojan.Win32.Agent.cwcxjt
  • Avast: Win32:Agent-ARGM [Rtk]
  • Tencent: Trojan-Dropper.Win32.Agent.kv
  • Emsisoft: Dropped:Generic.Dacic.304514EE.A.BD62936A (B)
  • F-Secure: Heuristic.HEUR/AGEN.1314560
  • DrWeb: Trojan.Siggen5.49748
  • VIPRE: Dropped:Generic.Dacic.304514EE.A.BD62936A
  • Sophos: Troj/Agent-BBUW
  • Ikarus: Trojan-Dropper.Agent
  • Jiangmin: Trojan.Generic.bgfzf
  • Webroot: W32.Trojan.Gen
  • Varist: W32/Agent.FSL.gen!Eldorado
  • Avira: HEUR/AGEN.1314560
  • Antiy-AVL: Trojan/Win32.Unknown
  • Kingsoft: malware.kb.a.1000
  • Xcitium: Application.Win32.Amonetize.NE@5te978
  • Microsoft: TrojanDropper:Win32/Salgorea.AI!MTB
  • ViRobot: Trojan.Win32.Agent.438272.BJ
  • ZoneAlarm: VHO:Backdoor.Win32.Convagent.gen
  • GData: Win32.Trojan.PSE.17PLPXL
  • Google: Detected
  • AhnLab-V3: Dropper/Win.QS.C5537163
  • Acronis: suspicious
  • VBA32: BScope.Backdoor.Salgorea
  • MAX: malware (ai score=88)
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Rising: Backdoor.[OceanLotus]Salgorea!1.C3DC (CLASSIC)
  • Yandex: Trojan.Agent!w2CSwcbAJzw
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Upatre.0285!tr
  • BitDefenderTheta: Gen:NN.ZexaF.36680.D0Y@ayIqr1li
  • AVG: Win32:Agent-ARGM [Rtk]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove TrojanDropper:Win32/Salgorea.AI!MTB?

TrojanDropper:Win32/Salgorea.AI!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
