What is “Trojan:MSIL/Guildma.psyK!MTB”?

The Trojan:MSIL/Guildma.psyK!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Guildma.psyK!MTB virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Guildma.psyK!MTB?


File Info:
name: D2934D63DF6D2A6A5A68.mlw
path: /opt/CAPEv2/storage/binaries/104873c8acba628e5b0a9a8b74535a26be288d36d2662891d2fab08280b451ac
crc32: 26EFA17B
md5: d2934d63df6d2a6a5a6839a0f4a22c94
sha1: 14e2647804452e2ca316a3465721a94ffc58e888
sha256: 104873c8acba628e5b0a9a8b74535a26be288d36d2662891d2fab08280b451ac
sha512: 83e4635c482b055990e94f8a37a5c8c7980db690f43b1834325c171033289eb590f6ae914bbc90948c47eee4054882a13242dbfbcd6695f014a664ba61f2aa0f
ssdeep: 12288:EkwvAKhWpyRahyO7MWNAyr8Wk96X0KwjQV4opOBY:ELov5hy4NHgYDwjQwBY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DDC402D3E90453EDD8BC983992420EA24B6F7C3FC15AE472A4D0771750A34A6D37BA63
sha3_384: 3b4343ba3558c32e0c77579073a5fb760681fbb5afc72fec923881aae2f15d60da5c7c7bed4c6a44585b36af2b088844
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-04-14 12:20:26

Version Info:
Translation: 0x0000 0x04b0
Comments: RPX 1.3.4400.61
FileDescription:  
FileVersion: 0.0.0.0
InternalName: 222.exe
LegalCopyright:  
OriginalFilename: 222.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Guildma.psyK!MTB also known as:

Lionic	Trojan.Win32.Generic.lGhu
Cynet	Malicious (score: 100)
FireEye	Generic.mg.d2934d63df6d2a6a
McAfee	GenericRXKK-JJ!D2934D63DF6D
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 0056f0581 )
K7AntiVirus	Trojan ( 00528cb81 )
BitDefenderTheta	Gen:NN.ZemsilF.36132.Im0@a8KKkOk
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.OBK
APEX	Malicious
ClamAV	Win.Packed.Bladabindi-7086597-0
Kaspersky	Trojan.MSIL.Disfa.bqh
BitDefender	Gen:Heur.Mint.Packer.8
NANO-Antivirus	Trojan.Win32.Agent.cwyklp
MicroWorld-eScan	Gen:Heur.Mint.Packer.8
Avast	MSIL:Agent-BXF [Trj]
Tencent	Msil.Trojan.Disfa.Gjgl
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	BackDoor.Bladabindi.3459
VIPRE	Gen:Heur.Mint.Packer.8
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Heur.Mint.Packer.8 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.Mint.Packer.8
Avira	TR/Dropper.Gen
Antiy-AVL	GrayWare/MSIL.Injector.AWA
Xcitium	TrojWare.MSIL.Bladabindi.KX@52g0y5
Arcabit	Trojan.Mint.Packer.8
ZoneAlarm	Trojan.MSIL.Disfa.bqh
Microsoft	Trojan:MSIL/Guildma.psyK!MTB
Google	Detected
Acronis	suspicious
VBA32	Trojan.MSIL.Bladabindi.Heur
ALYac	Gen:Heur.Mint.Packer.8
MAX	malware (ai score=88)
Malwarebytes	Backdoor.Agent.PGen
Panda	Generic Malware
Rising	Malware.Obfus/MSIL@AI.92 (RDM.MSIL2:SlB6xGK+xFdThGyW4GziJQ)
Yandex	Trojan.Agent!TmjsW+sjVUU
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.PPV!tr
AVG	MSIL:Agent-BXF [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Guildma.psyK!MTB?

Trojan:MSIL/Guildma.psyK!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X