What is “Trojan:MSIL/AgentTesla.RPI!MTB”?

The Trojan:MSIL/AgentTesla.RPI!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.RPI!MTB virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/AgentTesla.RPI!MTB?


File Info:
name: 4532C3C6258EEDD9E490.mlw
path: /opt/CAPEv2/storage/binaries/b1f190d79a9a81e11e65b47f2f14c39b7f2607d325d843481d82f9ba7456b46a
crc32: CDA6EEF7
md5: 4532c3c6258eedd9e4902023f40dd1c8
sha1: abb58eee3fc5881ba874d6b7f62d8959ef196f4a
sha256: b1f190d79a9a81e11e65b47f2f14c39b7f2607d325d843481d82f9ba7456b46a
sha512: dba729b96fc5586598b696e6453d77691b2844a2cdf84e49e5b7385f2a0c6c781b8be0ebaad53407468d3a3cc85927cea50160ae39a608bfd75bb4832d57ab79
ssdeep: 6144:PkLleMmGbpbhMxlbRQwRMOxRYLS3WRQA:KmGbpbhqHpA
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T15E34EC66179B3F78DB89B9B602BB364B6F78129202E54412B7E37C711811B35F78E0D8
sha3_384: 4d818dcf8c012acdde96180f20057fe9a5baef8d3d51d4df912c560d2ec50c2d007665f9b90d1a454a004a291b7a0d2a
ep_bytes: ff250020001000000000000000000000
timestamp: 2017-08-31 23:27:35

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: KCQS_WowerWEB.dll
LegalCopyright:  
OriginalFilename: KCQS_WowerWEB.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/AgentTesla.RPI!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Kryptik.4!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.dm
McAfee	Artemis!4532C3C6258E
Cylance	unsafe
VIPRE	Gen:Variant.Tedy.178938
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0058ea051 )
Alibaba	Trojan:MSIL/Kryptik.65bc3b60
K7GW	Trojan ( 0058ea051 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Tedy.D2BAFA
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.VRS
APEX	Malicious
ClamAV	Win.Trojan.Agent-9967677-1
Kaspersky	HEUR:Trojan.MSIL.Kryptik.gen
BitDefender	Gen:Variant.Tedy.178938
MicroWorld-eScan	Gen:Variant.Tedy.178938
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan.Kryptik.Zolw
Emsisoft	Gen:Variant.Tedy.178938 (B)
F-Secure	Heuristic.HEUR/AGEN.1301100
Zillya	Trojan.AgentAGen.Win32.3825
TrendMicro	TrojanSpy.MSIL.NEGASTEAL.SMRJAHSPH
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Agent
Jiangmin	Trojan.MSIL.ancwl
Google	Detected
Avira	HEUR/AGEN.1301100
Antiy-AVL	Trojan/MSIL.Kryptik
Microsoft	Trojan:MSIL/AgentTesla.RPI!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Kryptik.gen
GData	Gen:Variant.Tedy.178938
Varist	W32/MSIL_Agent.CKH.gen!Eldorado
Yandex	Trojan.Kryptik!6DaamqDUb1Y
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.73851277.susgen
Fortinet	MSIL/Agent.VRS!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/AgentTesla.RPI!MTB?

Trojan:MSIL/AgentTesla.RPI!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X