About “Trojan:MSIL/AgentTesla.PSOR!MTB” infection

Trojan:MSIL/AgentTesla.PSOR!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/AgentTesla.PSOR!MTB virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/AgentTesla.PSOR!MTB?


File Info:

name: D2D61600CF5D12386318.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2061-08-03 23:48:52

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: HP Inc.
FileDescription: Pizza_Project
FileVersion: 1.0.0.0
InternalName: wZTz.exe
LegalCopyright: Copyright © HP Inc. 2019
LegalTrademarks:
OriginalFilename: wZTz.exe
ProductName: Pizza_Project
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.PSOR!MTB also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: malicious (high confidence)
MicroWorld-eScan: IL:Trojan.MSILMamut.10854
FireEye: Generic.mg.d2d61600cf5d1238
Skyhigh: GenericRXWC-DA!D2D61600CF5D
McAfee: GenericRXWC-DA!D2D61600CF5D
Malwarebytes: Crypt.Trojan.MSIL.DDS
Zillya: Trojan.DInvoke.Win32.331
Sangfor: Suspicious.Win32.Save.a
Alibaba: Trojan:MSIL/DInvoke.b6b7e7c6
K7GW: Trojan ( 005a5fe01 )
K7AntiVirus: Trojan ( 005a5fe01 )
BitDefenderTheta: Gen:NN.ZemsilF.36802.mn0@a0EbJlg
Symantec: Scr.Malcode!gdn34
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Kryptik_AGen.ATX
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
ClamAV: Win.Trojan.Autoit-7356348-0
Kaspersky: HEUR:Trojan.MSIL.DInvoke.gen
BitDefender: IL:Trojan.MSILMamut.10854
Tencent: Malware.Win32.Gencirc.13c31947
Sophos: Troj/Krypt-YS
Google: Detected
F-Secure: Heuristic.HEUR/AGEN.1372463
VIPRE: IL:Trojan.MSILMamut.10854
Emsisoft: IL:Trojan.MSILMamut.10854 (B)
SentinelOne: Static AI – Malicious PE
Varist: W32/MSIL_Kryptik.GVV.gen!Eldorado
Avira: HEUR/AGEN.1372463
MAX: malware (ai score=82)
Antiy-AVL: Trojan[Backdoor]/MSIL.Remcos
Microsoft: Trojan:MSIL/AgentTesla.PSOR!MTB
Arcabit: IL:Trojan.MSILMamut.D2A66
ZoneAlarm: HEUR:Trojan.MSIL.DInvoke.gen
GData: IL:Trojan.MSILMamut.10854
AhnLab-V3: Trojan/Win.Generic.C5434028
ALYac: IL:Trojan.MSILMamut.10854
Cylance: unsafe
Panda: Trj/Chgt.AD
Zoner: Trojan.Win32.156900
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:V5g/QifiminuoPEPAFqfoQ)
Yandex: Trojan.Igent.b0cM1O.1
Ikarus: Trojan.MSIL.Agent
MaxSecure: Trojan.Malware.192454121.susgen
Fortinet: MSIL/Kryptik.ATX!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:MSIL/AgentTesla.PSOR!MTB?

Trojan:MSIL/AgentTesla.PSOR!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
