
Trojan:MSIL/FormBook.DPL!MTB malicious file


Trojan:MSIL/FormBook.DPL!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/FormBook.DPL!MTB virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/FormBook.DPL!MTB?


File Info:

name: 73DE496368F6CC44DB82.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2102-08-29 05:57:20

Version Info:

Translation: 0x0000 0x04b0
Comments: Ashampoo Snap 10 Setup
CompanyName: Ashampoo GmbH & Co. KG
FileDescription: Ashampoo Snap 10 Setup
FileVersion: 10.0.8.0
InternalName: Fdsrcb.exe
LegalCopyright: Ashampoo GmbH & Co. KG
LegalTrademarks:
OriginalFilename: Fdsrcb.exe
ProductName: Ashampoo Snap 10
ProductVersion: 10.0.8.0
Assembly Version: 10.0.8.0

Trojan:MSIL/FormBook.DPL!MTB also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.MSIL.Bladabindi.m!c
Cynet: Malicious (score: 100)
CAT-QuickHeal: Backdoor.MSIL
McAfee: Artemis!73DE496368F6
Malwarebytes: Trojan.Downloader.MSIL.Generic
Sangfor: Backdoor.MSIL.Bladabindi.gen
K7AntiVirus: Trojan-Downloader ( 005903601 )
Alibaba: TrojanDownloader:MSIL/AgentTesla.77c98c08
K7GW: Trojan-Downloader ( 005903601 )
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.LFA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: Trojan.GenericKD.39393059
ViRobot: Trojan.Win32.Z.Agent.11264.EYF
MicroWorld-eScan: Trojan.GenericKD.39393059
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Trojan.GenericKD.39393059
Emsisoft: Trojan.GenericKD.39393059 (B)
Zillya: Downloader.Agent.Win32.465809
TrendMicro: Ransom.MSIL.TARGETCOMPANY.YXCDAT
McAfee-GW-Edition: Artemis!Trojan
FireEye: Trojan.GenericKD.39393059
Sophos: Troj/Krypt-LK
Ikarus: Trojan-Downloader.MSIL.Agent
GData: Trojan.GenericKD.39393059
Jiangmin: Backdoor.MSIL.fnwc
Avira: TR/Dldr.Agent.daejv
Arcabit: Trojan.Generic.D2591723
Microsoft: Trojan:MSIL/FormBook.DPL!MTB
AhnLab-V3: Downloader/Win.MSIL.R481031
VBA32: TScope.Trojan.MSIL
ALYac: Trojan.GenericKD.39393059
MAX: malware (ai score=87)
Cylance: Unsafe
TrendMicro-HouseCall: Ransom.MSIL.TARGETCOMPANY.YXCDAT
Yandex: Trojan.DL.Agent!XcMwXvztGP4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.LDG!tr.dldr
BitDefenderTheta: Gen:NN.ZemsilCO.34638.am0@aG!ccOg
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/RansomGen.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/FormBook.DPL!MTB?

Trojan:MSIL/FormBook.DPL!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
