Trojan:MSIL/AgentTesla.EXR!MTB malicious file

The Trojan:MSIL/AgentTesla.EXR!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.EXR!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Trojan:MSIL/AgentTesla.EXR!MTB?


File Info:
name: F6DF51F6176AF38265FD.mlw
path: /opt/CAPEv2/storage/binaries/07a669badf12ee362884eca88c04ff18b102b9cf7b59653807fc451ad4e7b8fe
crc32: 0CFBAE5E
md5: f6df51f6176af38265fd8933b3f473a7
sha1: 2c7549beab772727065d025417e42ad6840294b9
sha256: 07a669badf12ee362884eca88c04ff18b102b9cf7b59653807fc451ad4e7b8fe
sha512: 70a3bcc97da3a3870cd10f484ccff365b1d58c582b8a1f49324fb4b3cc435e35ead5654c4a86de994c17dc4cc4ec85c7bc79ffa8e7f92197a0fddce35c5c796d
ssdeep: 1536:CdGbRAUboYeyp8pPKjGfcgWzOob/bR9eysNr:CdUVteyRjGfcg4Oob/bR9eysNr
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T184436E8C766476DFC86BC076DAA81C78AB60347B431F9247902351ADEA1DAA7CF150F3
sha3_384: 04c8dc6bf097da25e245214ccf8834086e0d66604fd01d0bde61206b535f8705d3cb9148ff1e2aa0d0ed232abd305094
ep_bytes: ff250020001000000000000000000000
timestamp: 2022-07-14 13:34:58

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: Egra.dll
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: Egra.dll
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.EXR!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
AVG	Win32:InjectorX-gen [Trj]
DrWeb	Trojan.PackedNET.1449
MicroWorld-eScan	Trojan.GenericKD.50654385
FireEye	Trojan.GenericKD.50654385
Skyhigh	RDN/Generic.dx
McAfee	RDN/Generic.dx
Malwarebytes	Malware.AI.3867186496
VIPRE	Trojan.GenericKD.50654385
Sangfor	Trojan.Msil.Injector.Val6
K7AntiVirus	Trojan ( 00595bee1 )
Alibaba	Trojan:MSIL/AgentTesla.9112f89e
K7GW	Trojan ( 00595bee1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Injector.WAV
APEX	Malicious
Avast	Win32:InjectorX-gen [Trj]
BitDefender	Trojan.GenericKD.50654385
Emsisoft	Trojan.GenericKD.50654385 (B)
F-Secure	Trojan.TR/Injector.sugpk
Zillya	Trojan.Injector.Win32.1559845
TrendMicro	TROJ_GEN.R002C0DAA24
Sophos	Mal/Generic-S
Avira	TR/Injector.sugpk
MAX	malware (ai score=80)
Antiy-AVL	Trojan/MSIL.Formbook
Microsoft	Trojan:MSIL/AgentTesla.EXR!MTB
Arcabit	Trojan.Generic.D304ECB1
GData	Trojan.GenericKD.50654385
Google	Detected
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.50654385
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DAA24
Tencent	Win32.Trojan.Inject.Rzfl
Yandex	Trojan.Injector!tqOUlqodJms
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.185836582.susgen
Fortinet	MSIL/WAV!tr
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/AgentTesla.EXR!MTB?

Trojan:MSIL/AgentTesla.EXR!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X