Trojan:MSIL/AgentTesla.MAAR!MTB (file analysis)

Trojan:MSIL/AgentTesla.MAAR!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/AgentTesla.MAAR!MTB virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected (the PE compile timestamp, 2049-05-05, lies in the future)

How to identify Trojan:MSIL/AgentTesla.MAAR!MTB?

File Info:

name: 65E7146025323736E63A.mlw
path: /opt/CAPEv2/storage/binaries/39b849f9f03f5eceb4f0ec1bb9ddfaa13c7fd1369871676ee9a60cc45a7997a4
crc32: 1583D167
md5: 65e7146025323736e63adfc2f1f85d7a
sha1: d8e56544ceba0a7bc3aa12d0f878d949a42bf275
sha256: 39b849f9f03f5eceb4f0ec1bb9ddfaa13c7fd1369871676ee9a60cc45a7997a4
sha512: 5f56e550e0742272a53cf0266be547f2d943c89ac6e1eb750a2f519580f1e9d4322e8e6e4495938e3ad6872b8888636a6f39b643bb053b706bcb42db360255a9
ssdeep: 24576:STOyqGUL8HSdx2zSUvaZFH9y/ikc+t5a8i:STNqGo8HSqSIaDHOni
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A605E058337B5F65D4396BFA4980563087F8AA1A383FD28A5ED2B4DA9D50F210F80F53
sha3_384: cf4b343c9998907119a1b3f186bc520b8e7e418ccc4f0d1b16b9df91dbe917d24194e39ebace8ebcecac2b4bd3820356
ep_bytes: ff250020400000000000000000000000
timestamp: 2049-05-05 05:22:40

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: QLXEMAY
FileVersion: 1.0.0.0
InternalName: lQBdVzb.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: lQBdVzb.exe
ProductName: QLXEMAY
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.MAAR!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Taskun.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PackedNET.2085
MicroWorld-eScan: Trojan.GenericKD.67425325
ALYac: Trojan.GenericKD.67425325
Malwarebytes: Trojan.MalPack.PNG.Generic
VIPRE: Trojan.GenericKD.67425325
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005a6bc21 )
Alibaba: Trojan:MSIL/Taskun.c52732b0
K7GW: Trojan ( 005a6bc21 )
Cyren: W32/MSIL_Agent.FNM.gen!Eldorado
Symantec: Scr.Malcode!gdn34
ESET-NOD32: a variant of MSIL/GenKryptik.GKMO
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.MSIL.Taskun.gen
BitDefender: Trojan.GenericKD.67425325
Avast: Win32:PWSX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13cd3bcb
Emsisoft: Trojan.GenericKD.67425325 (B)
F-Secure: Trojan.TR/AD.Swotter.irpmw
TrendMicro: TROJ_GEN.R002C0DFA23
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Trapmine: suspicious.low.ml.score
FireEye: Trojan.GenericKD.67425325
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Avira: TR/AD.Swotter.irpmw
MAX: malware (ai score=85)
Antiy-AVL: Trojan/MSIL.Taskun
Microsoft: Trojan:MSIL/AgentTesla.MAAR!MTB
Arcabit: Trojan.Generic.D404D42D
ZoneAlarm: HEUR:Trojan.MSIL.Taskun.gen
GData: Trojan.GenericKD.67425325
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5438687
McAfee: Artemis!65E714602532
Cylance: unsafe
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002C0DFA23
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:gPcvQOUb8jGCWW8ULWEoBg)
Ikarus: Trojan.MSIL.Inject
MaxSecure: Trojan.Malware.74644571.susgen
Fortinet: MSIL/GenericKD.66824822!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/AgentTesla.MAAR!MTB?

Trojan:MSIL/AgentTesla.MAAR!MTB removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.