Trojan:MSIL/FormBook.AFB!MTB information

The Trojan:MSIL/FormBook.AFB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/FormBook.AFB!MTB virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:MSIL/FormBook.AFB!MTB?


File Info:
name: 931652A2F0F7FE88FAC6.mlw
path: /opt/CAPEv2/storage/binaries/90fd2d9effa564122b968182039e7e0d5d40c2230f6d6ef2b12b682a11a8bb70
crc32: 89BF3041
md5: 931652a2f0f7fe88fac6cb084d9ba5e1
sha1: 9ab6405fe51337d00073203dfd19fb41bf18d261
sha256: 90fd2d9effa564122b968182039e7e0d5d40c2230f6d6ef2b12b682a11a8bb70
sha512: d439029c2073197bcc781659e4c9788c7783193bd89f379a9b36a9cc37f6ed279d591ed66a61c07a6071533e3b264bd676207089f15fed695f0813d8351ed8ed
ssdeep: 98304:cA+lS7lSXwcA+lS7lSXw5A+lS7lSXwOA+lS7lSXw:cA+lSewcA+lSew5A+lSewOA+lSew
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19366124475AAAE02C33A2FB3851341404BF4E936A925E7CB2EC675DB616EFD50F40B27
sha3_384: 88bea115a645b569f4cc1864e96f3dcdb372ea5a317d6dde06d7fd75fd8ccde40f3366578d7b46c73a3ad716eba09a4c
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-10-24 08:41:39

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: bvqw.exe
LegalCopyright:  
OriginalFilename: bvqw.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/FormBook.AFB!MTB also known as:

MicroWorld-eScan	Gen:Variant.MSILHeracles.120043
Skyhigh	BehavesLike.Win32.Generic.vc
McAfee	Artemis!3C74A61E07F2
Malwarebytes	Trojan.Crypt.MSIL.Generic
VIPRE	Gen:Variant.MSILHeracles.120043
BitDefender	Gen:Variant.MSILHeracles.120043
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZemsilF.36792.@p0@aGaiepe
VirIT	Trojan.Win32.GenusT.DTHS
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AJYH
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Malware.Xred-9917120-0
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
Rising	Trojan.Kryptik!8.8 (TFE:dGZlOgzF6xQIPsJO8A)
Emsisoft	Gen:Variant.MSILHeracles.120043 (B)
F-Secure	Trojan.TR/Kryptik.zcyjl
DrWeb	Trojan.PackedNET.2486
TrendMicro	TROJ_GEN.R002C0DJS23
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.931652a2f0f7fe88
Ikarus	Trojan.MSIL.Inject
Varist	W32/MSIL_Agent.GSR.gen!Eldorado
Avira	TR/Kryptik.zcyjl
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	malware.kb.c.996
Microsoft	Trojan:MSIL/FormBook.AFB!MTB
Arcabit	Trojan.MSILHeracles.D1D4EB
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
GData	Gen:Variant.MSILHeracles.120043
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5533214
VBA32	CIL.HeapOverride.Heur
ALYac	Gen:Variant.MSILHeracles.120043
MAX	malware (ai score=89)
DeepInstinct	MALICIOUS
TrendMicro-HouseCall	TROJ_GEN.R002C0DJS23
Tencent	Malware.Win32.Gencirc.115e26c4
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.GNMN!tr
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.fe5133
Avast	Win32:PWSX-gen [Trj]

How to remove Trojan:MSIL/FormBook.AFB!MTB?

Trojan:MSIL/FormBook.AFB!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X