What is “Trojan:MSIL/AgentTesla.DMA!MTB”?

Malware Removal

Many security experts consider Trojan:MSIL/AgentTesla.DMA!MTB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/AgentTesla.DMA!MTB virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/AgentTesla.DMA!MTB?


File Info:

name: BCD578E3E72E5032A19C.mlw
path: /opt/CAPEv2/storage/binaries/1355cec23e597ec14de3450c359f5f8ace322482edb1a1098c0fa7b407292187
crc32: 7F771973
md5: bcd578e3e72e5032a19c2c427f3cebfd
sha1: deb81494429ccc53b954f9d667480c4844b950df
sha256: 1355cec23e597ec14de3450c359f5f8ace322482edb1a1098c0fa7b407292187
sha512: a66705c5462b7e39f6b160d3a6b058c2edd3da2b93d9cbb5c8b4d79b6540b9fbba82ff9bc54691a419f2829126450eb5f9fbcb960e71c6d34520f3f899905b1f
ssdeep: 12288:/lwUUqxz6JukFx4zZfHY34lHA0e8PJZsMw8mQqVKxuQhzkMEbtD00:twYCukFxQHc4hzjJPw8MVKxuQhEC0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A2E4018433ECAB53E53997F44AB2A07103723D2E5631D68E2EC274DF2A71F0416A4E67
sha3_384: 67ec02473d18cfedd7e82184239dc76099b9bea341a7aab3dee55777104aca4f35fb3ddbcdd7d6bd7cec1cdb529e9edb
ep_bytes: ff250020400000000000000000000000
timestamp: 2052-09-03 19:11:47

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Hewlett-Packard
FileDescription: DBMS_App
FileVersion: 1.0.0.0
InternalName: BINDP.exe
LegalCopyright: Copyright © Hewlett-Packard 2020
LegalTrademarks:
OriginalFilename: BINDP.exe
ProductName: DBMS_App
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.DMA!MTB is also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Trojan.GenericKD.38053843
ALYac: Trojan.GenericKD.38053843
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3618044
Sangfor: Infostealer.MSIL.Stealer.gen
K7AntiVirus: Trojan ( 0058a8b11 )
Alibaba: TrojanPSW:MSIL/AgentTesla.364e0905
K7GW: Trojan ( 0058a8b11 )
Cyren: W32/MSIL_Agent.CKD.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of MSIL/Kryptik.ADMD
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen
BitDefender: Trojan.GenericKD.38053843
MicroWorld-eScan: Trojan.GenericKD.38053843
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Trojan.GenericKD.38053843
Emsisoft: Trojan.GenericKD.38053843 (B)
Comodo: TrojWare.Win32.UMal.rhfno@0
DrWeb: Trojan.Siggen15.44258
TrendMicro: Trojan.MSIL.SABSIK.USMANKI21
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-R + Troj/Krypt-ET
Ikarus: Trojan.MSIL.Agent
GData: Trojan.GenericKD.38053843
Jiangmin: Trojan.PSW.MSIL.cwdk
Webroot: W32.Trojan.Dropper
Avira: HEUR/AGEN.1145153
Gridinsoft: Trojan.Win32.Downloader.sa
ViRobot: Trojan.Win32.Z.Sabsik.709120.D
Microsoft: Trojan:MSIL/AgentTesla.DMA!MTB
AhnLab-V3: Trojan/Win.PWSX-gen.C4775412
McAfee: AgentTesla-FDEJ!BCD578E3E72E
MAX: malware (ai score=89)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Crypt.MSIL
TrendMicro-HouseCall: Trojan.MSIL.SABSIK.USMANKI21
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/GenKryptik.FNQM!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan:MSIL/AgentTesla.DMA!MTB?

Trojan:MSIL/AgentTesla.DMA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
