Trojan:MSIL/AgentTesla.LQB!MTB information

Trojan:MSIL/AgentTesla.LQB!MTB is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/AgentTesla.LQB!MTB virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Trojan:MSIL/AgentTesla.LQB!MTB?

File Info:

name: 3E5FE13FF0EBE99CF41D.mlw
path: /opt/CAPEv2/storage/binaries/bd858526289fe6d13799504bbb585e866f25ad6fec1dbd236f6091b329f3c14c
crc32: 4D3F917B
md5: 3e5fe13ff0ebe99cf41d080a3fa25fee
sha1: 1c757382df6e93529ea57c91a77767e1aeaf36cd
sha256: bd858526289fe6d13799504bbb585e866f25ad6fec1dbd236f6091b329f3c14c
sha512: 70703098d180eb0584409ecd8d4500189798cb2e0419d0bcd4e6dde40765f1e62c26162bea2c79037c8f19e1a6917c217e9a38cc94f93f3fa7a96095930405bd
ssdeep: 6144:VU+po0TG9Xw08yi/vwh0/l0OmxvRO6BpyEXpdIgdUFK75vbOMUzKhloQt:VoVg3vwh0/l0O4U6fdUz2hloC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EB4722C3A159672FD0DD2B17DC50A44BB660B132248B99AA7CF35C6F74F8AE9C44CD8
sha3_384: 704f3b6ced7e9be2cb8fdd71a1442ccfa65c976ac5a0194f2390b63a167958c2aedc00059b7e17b9440945d98e8cc8d2
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-25 13:00:53

Version Info:

CompanyName: Telegram FZ-LLC
FileDescription: Telegram Desktop
FileVersion: 3.2.5.0
LegalCopyright: Copyright (C) 2014-2021
ProductName: Telegram Desktop
ProductVersion: 3.2.5.0
Translation: 0x0409 0x04b0

Trojan:MSIL/AgentTesla.LQB!MTB also known as:

Elastic: malicious (high confidence)
ALYac: Gen:Variant.Cerbu.112441
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Gen:Variant.Cerbu.112441
Cyren: W32/Azorult.D.gen!Eldorado
ESET-NOD32: a variant of MSIL/Kryptik.ACKH
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.MSIL.Stealer.gen
MicroWorld-eScan: Gen:Variant.Cerbu.112441
Ad-Aware: Gen:Variant.Cerbu.112441
Emsisoft: Gen:Variant.Cerbu.112441 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
FireEye: Generic.mg.3e5fe13ff0ebe99c
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Cerbu.112441
Arcabit: Trojan.Cerbu.D1B739
Microsoft: Trojan:MSIL/AgentTesla.LQB!MTB
AhnLab-V3: Trojan/Win.Agent.C4789858
McAfee: GenericRXQK-ZC!3E5FE13FF0EB
MAX: malware (ai score=87)
Panda: Trj/GdSda.A
Ikarus: Trojan.MSIL.Injector
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/Injector.VRI!tr
BitDefenderTheta: Gen:NN.ZemsilF.34294.Em0@aCL@vWdG
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.2df6e9
Avast: Win32:PWSX-gen [Trj]

How to remove Trojan:MSIL/AgentTesla.LQB!MTB?

Trojan:MSIL/AgentTesla.LQB!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.