How to remove “Trojan:MSIL/AgentTesla.NSC!MTB”?

Trojan:MSIL/AgentTesla.NSC!MTB is the Microsoft detection name for this sample; most of the antivirus engines listed further down flag the same file as malicious. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan:MSIL/AgentTesla.NSC!MTB do?

The following are the behaviour signatures raised when the sample was run in a CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • A potential decoy document was displayed to the user
  • Created a process from a suspicious location
  • Creates a hidden or system file
  • Attempts to modify proxy settings
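Three of the behaviours in the list above (a process launched from a suspicious location, modification of proxy settings, and a Windows utility used to hide a file) are the kind of thing you can hunt for in endpoint telemetry rather than only in a sandbox. The script below is an added example and is not code from the original page or from GridinSoft. Its event records are constructed for the demo in a simplified dict shape (loosely modelled on process-create and registry-set events such as Sysmon's, not any tool's real format); the file name `demonstration.exe` is the OriginalFilename from the sample's version info, while the user name, SID and paths are made up, and the list of "suspicious" directories is an assumption to be tuned per environment.

```python
"""Hunting rules for three of the sandbox behaviours listed above.

Added example; not code from the original page or from GridinSoft. Event
records are constructed in a simplified dict shape (loosely modelled on
endpoint telemetry such as Sysmon process-create and registry-set events,
not any tool's real format) so the rules run offline.
"""
import re

# User-writable or staging directories a dropper typically launches from.
# Assumption: a starting list only; tune it for your estate.
SUSPICIOUS_DIRS = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public|Windows\\Temp)\\",
    re.IGNORECASE,
)
# WinINet proxy values under HKCU / HKU ...\Internet Settings.
PROXY_VALUES = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
    r"(ProxyEnable|ProxyServer|AutoConfigURL)$",
    re.IGNORECASE,
)
# attrib.exe invoked with +h or +s (hidden / system attribute).
HIDE_WITH_ATTRIB = re.compile(r"\battrib(\.exe)?\b.*\+[hs]\b", re.IGNORECASE)


def check_event(event: dict) -> list:
    """Return the names of the rules that fire on one event record."""
    hits = []
    if event["type"] == "process_create":
        image = event.get("image", "")
        cmdline = event.get("cmdline", "")
        if image.lower().endswith(".exe") and SUSPICIOUS_DIRS.search(image):
            hits.append("process_from_suspicious_location")
        if HIDE_WITH_ATTRIB.search(cmdline):
            hits.append("hides_file_with_attrib")
    elif event["type"] == "registry_set":
        if PROXY_VALUES.search(event.get("target", "")):
            hits.append("modifies_proxy_settings")
    return hits


def hunt(events: list) -> list:
    """Run every rule over a list of events; returns (event id, rule) pairs."""
    return [(ev["id"], rule) for ev in events for rule in check_event(ev)]


# Constructed sample telemetry (not real logs). demonstration.exe is the
# OriginalFilename from the sample's version info; user, SID and paths are made up.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create",
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"id": 2, "type": "process_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\demonstration.exe",
     "cmdline": "demonstration.exe"},
    {"id": 3, "type": "process_create",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c attrib +h +s "C:\Users\alice\AppData\Roaming\svc.exe"'},
    {"id": 4, "type": "registry_set",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows"
               r"\CurrentVersion\Internet Settings\ProxyServer",
     "details": "127.0.0.1:8080"},
]

if __name__ == "__main__":
    for event_id, rule in hunt(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

Expect false positives from the first rule on legitimate software that updates itself from AppData\Roaming or AppData\Local\Temp; in practice pair it with an allowlist of known installers, and treat a proxy change as high-signal only when it points at an unexpected host.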

How to identify Trojan:MSIL/AgentTesla.NSC!MTB?

File Info:

name: E04E6FE5549163C29855.mlw
path: /opt/CAPEv2/storage/binaries/a12f09424e2f323e8ac9d7e82771c4de502e22b9c1a3d49c2ac0c500531c02da
crc32: 88BE5A2F
md5: e04e6fe5549163c2985512dc5d416f22
sha1: e22cb31bf921bf64065946a39cd0a63995b55543
sha256: a12f09424e2f323e8ac9d7e82771c4de502e22b9c1a3d49c2ac0c500531c02da
sha512: 0cb1f224815954e48bc75a6d4a2a09df1ef6254c0187cca333e956570a41a272f987247c5ba206505b7e9181af76714d31614aad41d29b30196ea70290759780
ssdeep: 49152:MlzG3mAMimUMffrEIfAOn6fBwz60Q8ecqiiA2np2RONKGIURCCq:KS37MTnTwOn2+BYiVSng+RU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AFC5DF58A9FFA4ABF316D5301CCE2F46E93E6D84B55251EE30B8755E48D03A06A0E33D
sha3_384: a3022e433fadb3818e6a304d42fa093e5f05f5a23badb1972cbf3c49ee2a6e773b119958397978dbe239321f9a120b2a
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-04-26 02:14:41

Version Info:

Translation: 0x0000 0x04b0
CompanyName: c@yee.to
FileDescription: All rights reserved.
FileVersion: 5.5
InternalName: demonstration.exe
LegalCopyright: © 2021 spamis.fun
OriginalFilename: demonstration.exe
ProductName: Spamis.fun-5.5.jar
ProductVersion: 5.5
Assembly Version: 5.5.0.0
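The File Info and Version Info blocks are the indicators you can actually match against a file you are triaging. Note that the `type` line reports a plain "PE32 executable (GUI) Intel 80386" while the detection name says MSIL: the `ep_bytes` value settles that, because `ff 25 00 20 40 00` is `jmp dword ptr [0x00402000]`, the single indirect jump through the import table to `mscoree!_CorExeMain` that a .NET executable's native entry point consists of, and the `Assembly Version` field only exists for managed binaries. The script below, an added example that is not code from the original page or from GridinSoft, hashes a blob and compares it with the published md5/sha1/sha256, decodes that entry stub, and searches for the version-info strings (stored as UTF-16LE in a PE version resource). The `SAMPLE_BYTES` blob is constructed for the demo and is not the malware; the default image base of 0x400000 is an assumption (read it from the optional header in real use).

```python
"""Checking a file against the indicators in the File Info / Version Info above.

Added example; not code from the original page or from GridinSoft. The hashes,
version strings and entry-point bytes are copied from the page; SAMPLE_BYTES is
constructed for the demo and is not the malware.
"""
import hashlib
import struct

# Hash indicators from the File Info block.
IOC_HASHES = {
    "md5": "e04e6fe5549163c2985512dc5d416f22",
    "sha1": "e22cb31bf921bf64065946a39cd0a63995b55543",
    "sha256": "a12f09424e2f323e8ac9d7e82771c4de502e22b9c1a3d49c2ac0c500531c02da",
}
# Strings from the Version Info block; PE version resources store them as UTF-16LE.
IOC_VERSION_STRINGS = ("spamis.fun", "demonstration.exe", "c@yee.to")
# Entry-point bytes as reported in File Info (ep_bytes).
IOC_EP_BYTES = bytes.fromhex("ff250020400000000000000000000000")


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of a byte string (the same trio as the page)."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matching_hash_iocs(data: bytes) -> list:
    """Names of the hash algorithms whose digest equals a published indicator."""
    return [name for name, digest in hash_bytes(data).items() if digest == IOC_HASHES[name]]


def decode_ep_stub(ep_bytes: bytes):
    """Decode an `FF 25 imm32` (jmp dword ptr [imm32]) entry stub; None otherwise.

    A native PE32 normally starts with real code. A .NET executable's native
    entry point is one indirect jump through its import table to
    mscoree!_CorExeMain, which is exactly what ff25 00204000 is: jmp [0x00402000].
    """
    if len(ep_bytes) < 6 or ep_bytes[:2] != b"\xff\x25":
        return None
    return struct.unpack_from("<I", ep_bytes, 2)[0]


def looks_like_managed_stub(ep_bytes: bytes, image_base: int = 0x400000) -> bool:
    """True when the stub jumps through an address just above the PE headers,
    where the CLR import thunk of a typical MSIL binary sits (image_base + 0x2000).
    image_base is an assumption here; take it from the optional header in practice."""
    target = decode_ep_stub(ep_bytes)
    return target is not None and image_base < target < image_base + 0x10000


def version_string_hits(data: bytes) -> list:
    """Published version-info strings found (UTF-16LE) anywhere in the blob."""
    return [s for s in IOC_VERSION_STRINGS if s.encode("utf-16-le") in data]


def triage(data: bytes, ep_bytes: bytes) -> dict:
    """Combine the three checks into one record for the analyst."""
    return {
        "hash_match": matching_hash_iocs(data),
        "managed_stub": looks_like_managed_stub(ep_bytes),
        "version_strings": version_string_hits(data),
    }


# Constructed stand-in (not the real sample): a fake MZ header, the same
# entry stub, and one of the version strings encoded as UTF-16LE.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + IOC_EP_BYTES + "spamis.fun".encode("utf-16-le")

if __name__ == "__main__":
    print(triage(SAMPLE_BYTES, IOC_EP_BYTES))
```

A hash match is conclusive for this exact file only; the version strings and the managed entry stub are weak signals on their own (every .NET binary has the stub, and the strings are trivially changed between builds), so use them to prioritise what to look at, not as a verdict.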

Trojan:MSIL/AgentTesla.NSC!MTB is also detected under the following names (vendor: detection). The vendors do not agree on a family (AgentTesla, Orcus, Bladabindi, Zlugin, CoinMiner and generic dropper/packer names all appear), so treat the sha256 above as the stable identifier rather than any single name:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.490172
ALYac: Gen:Variant.Razy.490172
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
BitDefender: Gen:Variant.Razy.490172
Cybereason: malicious.554916
Cyren: W32/MSIL_Kryptik.CRY.gen!Eldorado
Symantec: Scr.Malcode!gdn33
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FKI
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Zlugin.gen
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL:dUdcvjjXUXe5UBV5ufHeUQ)
Ad-Aware: Gen:Variant.Razy.490172
Sophos: Troj/Reflekt-B
Comodo: TrojWare.MSIL.Boilod.MFC@7j93d6
F-Secure: Trojan.TR/Dropper.MSIL.Gen
DrWeb: BackDoor.Orcus.7
McAfee-GW-Edition: Packed-PM!E04E6FE55491
FireEye: Generic.mg.e04e6fe5549163c2
Emsisoft: Gen:Variant.Razy.490172 (B)
Ikarus: Trojan.MSIL.Krypt
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=86)
Microsoft: Trojan:MSIL/AgentTesla.NSC!MTB
Arcabit: Trojan.Razy.D77ABC
GData: Gen:Variant.Razy.490172
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Bladabindi.C927664
Acronis: suspicious
McAfee: Packed-PM!E04E6FE55491
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CoinMiner.DTL!tr
BitDefenderTheta: Gen:NN.ZemsilF.34606.Jo0@aidGysm
AVG: Win64:CrypterX-gen [Trj]
Avast: Win64:CrypterX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan:MSIL/AgentTesla.NSC!MTB?

Trojan:MSIL/AgentTesla.NSC!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample attempts to modify proxy settings, also confirm after the restart that the system proxy (Internet Options > Connections > LAN settings) is back to its expected state, and run a second scan to make sure nothing was re-created from the quarantined items.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
