About “Trojan:MSIL/AgentTesla.AMBO!MTB” infection

The Trojan:MSIL/AgentTesla.AMBO!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:MSIL/AgentTesla.AMBO!MTB virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/AgentTesla.AMBO!MTB?

File Info:

name: E3FF1E89D54C3469F11B.mlw
path: /opt/CAPEv2/storage/binaries/672ac1422873d7481b4d37c1c79b4818a96815cf271b0598ef01bdd9dabe3f74
crc32: 8C00DE27
md5: e3ff1e89d54c3469f11b3340c5d83f12
sha1: 1ce54890e5f1a9076c54464527d88cfbb8931b88
sha256: 672ac1422873d7481b4d37c1c79b4818a96815cf271b0598ef01bdd9dabe3f74
sha512: 5814c49ba4e912e71ba7d3d547eefe6cfe485899b8394fd45dad6616a743b55c3a75af9a3e499c936d4bf38b4b08440b7bc20b88ea020769a1b01b9207004c05
ssdeep: 6144:poKALTom4JkwXlGRL0Ybtyf0/47nlX2pMx48yJ15EVToyENhVUPE/f7/QMAezXEZ:pGoB1EL4fD7lX2pI44WNhVUPU/1AOzK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EF94123072FE6B36E5B553F15826620443F5726F6231E62A2CC6B0DA9A92F414F11FB3
sha3_384: 4b0ee649547bfc1d444646946cc811f0e4ffb7d4e5fa7214ab1a707ee9bb837ba9ea9418e1f8b20cc4e2be2cbd3faab3
ep_bytes: ff25002040004145373759355a353735
timestamp: 2095-12-16 23:44:49

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Quanlisinhvien
FileVersion: 1.0.0.0
InternalName: nXw.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: nXw.exe
ProductName: Quanlisinhvien
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.AMBO!MTB also known as:

Bkav: W32.Common.E9FA97A4
Lionic: Trojan.Win32.Dacic.i!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject4.59820
MicroWorld-eScan: Generic.Dacic.6FD2B071.A.16A2C26D
FireEye: Generic.Dacic.6FD2B071.A.16A2C26D
Skyhigh: BehavesLike.Win32.Generic.gc
McAfee: Artemis!E3FF1E89D54C
Cylance: unsafe
Zillya: Trojan.Kryptik.Win32.4375081
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005ae46f1 )
Alibaba: TrojanPSW:MSIL/AgentTesla.a12ab1a6
K7GW: Trojan ( 005ae46f1 )
BitDefenderTheta: Gen:NN.ZemsilCO.36744.Am0@a8k635l
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: Scr.Malcode!gdn33
ESET-NOD32: a variant of MSIL/Kryptik.AKFA
TrendMicro-HouseCall: TROJ_GEN.R03BC0DKR23
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender: Generic.Dacic.6FD2B071.A.16A2C26D
NANO-Antivirus: Trojan.Win32.Agensla.kedvab
Avast: Win32:PWSX-gen [Trj]
Tencent: Malware.Win32.Gencirc.11b954e0
Emsisoft: Generic.Dacic.6FD2B071.A.16A2C26D (B)
F-Secure: Trojan.TR/Dropper.MSIL.womwb
VIPRE: Generic.Dacic.6FD2B071.A.16A2C26D
TrendMicro: TROJ_GEN.R03BC0DKR23
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Krypt-ABH
Ikarus: Trojan.MSIL.Agent
GData: Generic.Dacic.6FD2B071.A.16A2C26D
Jiangmin: Trojan.PSW.MSIL.eruy
Webroot: W32.Infostealer.Gen
Google: Detected
Avira: TR/Dropper.MSIL.womwb
MAX: malware (ai score=84)
Kingsoft: MSIL.Trojan-PSW.Agensla.gen
Xcitium: Malware@#3tlb54yix8lv
Arcabit: Generic.Dacic.6FD2B071.A.16A2C26D
ViRobot: Trojan.Win.Z.Kryptik.428544.A
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft: Trojan:MSIL/AgentTesla.AMBO!MTB
Varist: W32/Agent.HTY.gen!Eldorado
AhnLab-V3: Trojan/Win.PWSX-gen.C5546910
VBA32: TScope.Trojan.MSIL
ALYac: Generic.Dacic.6FD2B071.A.16A2C26D
Malwarebytes: Trojan.MalPack.PNG
Panda: Trj/GdSda.A
APEX: Malicious
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:fGfUoC9PF+O1CU8j6OvpXw)
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.74499699.susgen
Fortinet: MSIL/Kryptik.AKEC!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/AgentTesla.AMBO!MTB?

Trojan:MSIL/AgentTesla.AMBO!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
