About “Trojan:MSIL/AgentTesla.RPI!MTB” infection

The Trojan:MSIL/AgentTesla.RPI!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.RPI!MTB virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/AgentTesla.RPI!MTB?


File Info:
name: 88D0CD07721A16B12CAA.mlw
path: /opt/CAPEv2/storage/binaries/f39a8c33402dc35f6e767c6651e04b9ad6aca4cd24806bd90df642f6e0b0b4d7
crc32: 40AB6355
md5: 88d0cd07721a16b12caa38101d79f765
sha1: 518c7624787701b26828bc6e9018764a90ba3f1d
sha256: f39a8c33402dc35f6e767c6651e04b9ad6aca4cd24806bd90df642f6e0b0b4d7
sha512: baf90b027e16cdcec88b6e535869bd0ffdc33f083b6c3453980378c3873c149e547de7142696bdf2c195ddc5e640443b6363619f0b07b46851a209083f1b64bc
ssdeep: 3072:rjckCQGWkJlmj0brMJl93hAIw+na9hmdGEiZe:RxrklEvNba9hn
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1EF247D27031BEAF8CE55B2B703AAC59D6BF009A102EBC505DF9268E11D01F77E7875A4
sha3_384: 35aaa6acb41ab933a1deb428ed93e3c11501bfba72bd215c31de0a0caa2a7c501f157282773f57fc11e8f812f0282747
ep_bytes: ff250020001000000000000000000000
timestamp: 2021-06-16 21:36:09

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: kfdq_Tnfrpoe.dll
LegalCopyright:  
OriginalFilename: kfdq_Tnfrpoe.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/AgentTesla.RPI!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Kryptik.4!c
MicroWorld-eScan	Gen:Variant.MSILPerseus.238059
Skyhigh	BehavesLike.Win32.Generic.dm
McAfee	RDN/Generic.dx
Cylance	unsafe
Zillya	Trojan.Agent.Win32.3026583
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:MSIL/Kryptik.9e4c7507
K7GW	Trojan ( 00597b331 )
K7AntiVirus	Trojan ( 00597b331 )
Arcabit	Trojan.MSILPerseus.D3A1EB
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.VRS
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Agent-9967677-1
Kaspersky	HEUR:Trojan.MSIL.Kryptik.gen
BitDefender	Gen:Variant.MSILPerseus.238059
NANO-Antivirus	Trojan.Win32.Kryptik.jsnvyd
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan.Kryptik.Lcnw
Emsisoft	Gen:Variant.MSILPerseus.238059 (B)
F-Secure	Heuristic.HEUR/AGEN.1301100
VIPRE	Gen:Variant.MSILPerseus.238059
TrendMicro	Trojan.MSIL.HISTUFF.AA
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Agent
Varist	W32/MSIL_Agent.CKH.gen!Eldorado
Avira	HEUR/AGEN.1301100
Antiy-AVL	Trojan/MSIL.Kryptik
Microsoft	Trojan:MSIL/AgentTesla.RPI!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Kryptik.gen
GData	Gen:Variant.MSILPerseus.238059
Google	Detected
AhnLab-V3	Trojan/Win.HISTUFF.C5293241
Malwarebytes	Trojan.Crypt.MSIL.Generic
TrendMicro-HouseCall	Trojan.MSIL.HISTUFF.AA
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.VRS!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/AgentTesla.RPI!MTB?

Trojan:MSIL/AgentTesla.RPI!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X