Trojan:MSIL/AsyncRAT.ASBL!MTB (file analysis)

Trojan:MSIL/AsyncRAT.ASBL!MTB is classified as dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Trojan:MSIL/AsyncRAT.ASBL!MTB virus do?

  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Creates a copy of itself
  • The sample wrote data to the system hosts file
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Trojan:MSIL/AsyncRAT.ASBL!MTB?

File Info:

name: 7789588B800E6A9B8FC5.mlw
path: /opt/CAPEv2/storage/binaries/dc772b55a8d6df6e240affecb36ad06b84aaa0bffa8b8ef8601141426dcea044
crc32: B2542BF4
md5: 7789588b800e6a9b8fc5c75c8305ef4b
sha1: 658a53f941a1dbdf0968cb35e3a62e738becab45
sha256: dc772b55a8d6df6e240affecb36ad06b84aaa0bffa8b8ef8601141426dcea044
sha512: 761ff194a0bd0e00f56a11af3f031c9a6f059ef4ac9986166aeeabf689c87fb9227bb27b8d3cb1535277894bcf49f7fdab1269aeb24a4b1397299c4f54424833
ssdeep: 49152:5KNPheNcSzN5+omerw7SDM1vJtSeBl8bSp4bNYVWc6ScYx+kIZ:wNPRSBMomWw7PNJtP41bcpuYwJZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13706D0C01342FBABC7E1A1FB286456F433168ACEE505B595D62CD750189A21F0EAFED3
sha3_384: 319fd018686e497777fb311f095a2a04f1979708f3dc91f772606786b96960de53b46d393b7f70fb808c9f6477abb34b
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-10-25 22:07:19

Version Info:

Translation: 0x0000 0x04b0
Comments: Adobe Photoshop CS4
CompanyName: Adobe Systems Inc.
FileDescription: Adobe Photoshop CS4
FileVersion: 11.0.1.0
InternalName: sss.exe
LegalCopyright: Copyright 2009 Adobe Systems Inc.
OriginalFilename: sss.exe
ProductName: Adobe Photoshop CS4
ProductVersion: 11.0.1.0
Assembly Version: 11.0.1.0

Trojan:MSIL/AsyncRAT.ASBL!MTB also known as:

MicroWorld-eScan: Gen:Variant.Marsilia.13437
FireEye: Generic.mg.7789588b800e6a9b
CAT-QuickHeal: Trojan.Asyncrat
Skyhigh: BehavesLike.Win32.Generic.wh
ALYac: Gen:Variant.Marsilia.13437
Sangfor: Suspicious.Win32.Save.a
BitDefender: Gen:Variant.Marsilia.13437
Cybereason: malicious.941a1d
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Injector.ABU
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.CFI.dkmtay
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:n+M4ZqDlvyChK2G9hjUSww)
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Dropper.MSIL.Gen
DrWeb: Trojan.PackedNET.193
VIPRE: Gen:Variant.Marsilia.13437
TrendMicro: TROJ_GEN.R014C0DJP23
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Marsilia.13437 (B)
Ikarus: Trojan.Msil
Google: Detected
Avira: TR/Dropper.MSIL.Gen
Varist: W32/MSIL_Kryptik.AKC.gen!Eldorado
Antiy-AVL: Trojan/MSIL.Injector
Microsoft: Trojan:MSIL/AsyncRAT.ASBL!MTB
Arcabit: Trojan.Marsilia.D347D
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Marsilia.13437
McAfee: GenericRXKD-TI!7789588B800E
MAX: malware (ai score=84)
DeepInstinct: MALICIOUS
VBA32: TScope.Trojan.MSIL
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R014C0DJP23
SentinelOne: Static AI – Suspicious PE
Fortinet: MSIL/Injector.ABU!tr
BitDefenderTheta: Gen:NN.ZemsilF.36792.Qp0@aiDhogp
AVG: MSIL:Crypt-IJ [Trj]
Avast: MSIL:Crypt-IJ [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/AsyncRAT.ASBL!MTB?

Trojan:MSIL/AsyncRAT.ASBL!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.