Trojan:MSIL/Heracles.GCD!MTB malicious file

The Trojan:MSIL/Heracles.GCD!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Heracles.GCD!MTB virus can do?

Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Heracles.GCD!MTB?


File Info:
name: 346067DD1C87C5592572.mlw
path: /opt/CAPEv2/storage/binaries/ef0dc3f19266c56785d4625cba39dce05232c63256335ae924686170fc3d816c
crc32: 25C1E30A
md5: 346067dd1c87c5592572d84057121f17
sha1: e2a697e4fc0baeea8d9ffd9f7b7c2e92f7dff605
sha256: ef0dc3f19266c56785d4625cba39dce05232c63256335ae924686170fc3d816c
sha512: a58028c1a8e5f5f0432a3930a69b2da23e75553dc0a87d1d1b97cd2d2b604d012179aa5e8272dd2e892c44fb8a1cbf9f31834d08138d4dff342703a8638d9d42
ssdeep: 384:JJJo2hYvWMUMnYZa4UzOVeKS9bMTW4g1CwL1Rb+/cG7mWP3ZrVZrwtZvCvwaiZfV:GEHUOVeKSRM41v1RbpChiETAgm3HtH
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T142F2F9297CD9812EF17F8FF83EE125A59675F37A2606E9462C940B5B0E43740CD1237A
sha3_384: 579204d990822cb7e14742e8fe4aecf92290e394e6064709475e304815a16ddf9b901c21df818f2a703218efc539cb4a
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-11-04 09:00:10

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: PHXLegacy.exe
LegalCopyright:  
OriginalFilename: PHXLegacy.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Heracles.GCD!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Convagent.j!c
FireEye	Generic.Dacic.1976.86829B33
CAT-QuickHeal	Trojan.Generic.TRFH903
Skyhigh	BehavesLike.Win32.Generic.nm
McAfee	RDN/Ransom
Cylance	unsafe
Zillya	Trojan.Convagent.Win32.9454
Sangfor	Ransom.Win32.Convagent.Vt4a
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Kaspersky	VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender	Generic.Dacic.1976.86829B33
MicroWorld-eScan	Generic.Dacic.1976.86829B33
Avast	Win32:Malware-gen
Emsisoft	Generic.Dacic.1976.86829B33 (B)
F-Secure	Trojan.TR/Redcap.kuoau
VIPRE	Generic.Dacic.1976.86829B33
TrendMicro	Ransom_Convagent.R002C0DAA24
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Heracles
Varist	W32/Trojan.GPA.gen!Eldorado
Avira	TR/Redcap.kuoau
Antiy-AVL	Trojan[Ransom]/Win32.Convagent
Microsoft	Trojan:MSIL/Heracles.GCD!MTB
Arcabit	Generic.Dacic.1976.86829B33
ZoneAlarm	VHO:Trojan-Ransom.Win32.Convagent.gen
GData	Generic.Dacic.1976.86829B33
Google	Detected
AhnLab-V3	Ransomware/Win.Ransom.C5316630
ALYac	Generic.Dacic.1976.86829B33
MAX	malware (ai score=88)
Malwarebytes	Malware.AI.3863852734
Panda	Trj/RansomGen.A
TrendMicro-HouseCall	Ransom_Convagent.R002C0DAA24
Rising	Ransom.Convagent!8.123A1 (CLOUD)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.AEF7!tr
AVG	Win32:Malware-gen
Cybereason	malicious.d1c87c
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Heracles.GCD!MTB?

Trojan:MSIL/Heracles.GCD!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X