Trojan:MSIL/AgentTesla.PSYM!MTB malicious file

The Trojan:MSIL/AgentTesla.PSYM!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.PSYM!MTB virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Trojan:MSIL/AgentTesla.PSYM!MTB?


File Info:
name: FC13AC4A0369E38A5F1B.mlw
path: /opt/CAPEv2/storage/binaries/90e59afb8394c0ad8c859d0eea277831fffe519d07ea5becdec0b23054217d7f
crc32: F4B5993C
md5: fc13ac4a0369e38a5f1b781968b911ec
sha1: be755666aba3d8eec109c0620129104ff62c6c02
sha256: 90e59afb8394c0ad8c859d0eea277831fffe519d07ea5becdec0b23054217d7f
sha512: 352c1d3f94cceec48a979450e5215badc492d17409661d1f03eb9c817ff046c211bc3194a2bf411563abad69a8135ba464d50ff31ed8d53d7b615a2b06df0b71
ssdeep: 12288:b7x/aOrPjgCyy1vRXeC6sSgi9UC+MgzfpZLMrXiyF:Px/RPjlRXg0C+MgbDbyF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BCA42355E229A2E7E3761E301BE224E51B3795067D18E83E7A48539D63CC587F3EE230
sha3_384: 7ced0c0c7eb719b015e79fb6d32ff7fe2f521835b7ac1bd2c75be0b1fcb1c31d344470e21de25b046c6376349716ffbf
ep_bytes: 134ee6fd0095147af14ed2ae2b9fa005
timestamp: 2067-03-01 07:42:42

Version Info:
0: [No Data]

Trojan:MSIL/AgentTesla.PSYM!MTB also known as:

MicroWorld-eScan	Gen:Variant.MSILHeracles.116291
ALYac	Gen:Variant.MSILHeracles.116291
Malwarebytes	MachineLearning/Anomalous.95%
VIPRE	Gen:Variant.MSILHeracles.116291
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AJUR
BitDefender	Gen:Variant.MSILHeracles.116291
Avast	FileRepMalware [Misc]
Emsisoft	Gen:Variant.MSILHeracles.116291 (B)
DrWeb	Trojan.PackedNET.2418
Trapmine	suspicious.low.ml.score
FireEye	Gen:Variant.MSILHeracles.116291
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.MSILHeracles.116291
MAX	malware (ai score=89)
Kingsoft	malware.kb.c.903
Arcabit	Trojan.MSILHeracles.D1C643
Microsoft	Trojan:MSIL/AgentTesla.PSYM!MTB
Cynet	Malicious (score: 100)
Cylance	unsafe
Ikarus	Trojan.MSIL.Agent
BitDefenderTheta	Gen:NN.ZemsilF.36738.CmX@aSSLagf
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan:MSIL/AgentTesla.PSYM!MTB?

Trojan:MSIL/AgentTesla.PSYM!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X