About “Trojan:MSIL/Heracles.GZZ!MTB” infection

The Trojan:MSIL/Heracles.GZZ!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Heracles.GZZ!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Heracles.GZZ!MTB?


File Info:
name: 6057DA85D5FBF144BDD8.mlw
path: /opt/CAPEv2/storage/binaries/3c9302aafb1db6220730dd71ce77b602a54fd03a1e4fd818c0fa40672891171b
crc32: CAAEF513
md5: 6057da85d5fbf144bdd8a4f8b7f0daa2
sha1: 5060f2a0e2d87cf22f1c3c7ab7c85b94f6040f0a
sha256: 3c9302aafb1db6220730dd71ce77b602a54fd03a1e4fd818c0fa40672891171b
sha512: 1c017748283237c2c84218e406b517332fbe9ef6cc11c88a6c88c14614bbc33e4ad6154e3865233469fb92e2ba30a4e95b9fa4ab3e4962a58360c3a82629b98b
ssdeep: 48:6hpcDyY4JoisehwCCaaT1JbdUyid0lIcGxex6hL1ulJra3mEq:KaDyYaoFe5fa/Tid0lLGnh8HK
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T186817302A7F40A67E0FA4B3E5EE347462AB4F8118F62A75F18C4425C3CA53245E72BB1
sha3_384: db5ed048208cb2d8a928dde15074b3a024f2a844893890a578c9caf62df84fd525e4648fa817d9da4727a4190852c189
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-01-05 22:55:09

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: cgikwtxb.dll
LegalCopyright:  
OriginalFilename: cgikwtxb.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Heracles.GZZ!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.ShellcodeRunner.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.121451
FireEye	Gen:Variant.MSILHeracles.121451
Skyhigh	BehavesLike.Win32.Infected.xz
McAfee	Artemis!6057DA85D5FB
Cylance	unsafe
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/ShellcodeRunner.DJ
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	Gen:Variant.MSILHeracles.121451
Avast	Win32:TrojanX-gen [Trj]
Tencent	Msil.Trojan.Agent.Pgil
Emsisoft	Gen:Variant.MSILHeracles.121451 (B)
F-Secure	Trojan.TR/Redcap.dzcdy
VIPRE	Gen:Variant.MSILHeracles.121451
Sophos	Mal/Generic-R
Ikarus	Trojan.MSIL.Shellcoderunner
GData	Gen:Variant.MSILHeracles.121451
Google	Detected
Avira	TR/Redcap.dzcdy
MAX	malware (ai score=87)
Arcabit	Trojan.MSILHeracles.D1DA6B
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
Microsoft	Trojan:MSIL/Heracles.GZZ!MTB
Varist	W32/MSIL_Agent.HLI.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.C5570089
ALYac	Gen:Variant.MSILHeracles.121451
Panda	Trj/CI.A
SentinelOne	Static AI – Suspicious PE
Fortinet	MSIL/ShellcodeRunner.DJ!tr
AVG	Win32:TrojanX-gen [Trj]

How to remove Trojan:MSIL/Heracles.GZZ!MTB?

Trojan:MSIL/Heracles.GZZ!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X