Trojan:MSIL/Heracles.SPAP!MTB malicious file

The Trojan:MSIL/Heracles.SPAP!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Heracles.SPAP!MTB virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Trojan:MSIL/Heracles.SPAP!MTB?


File Info:
name: E5CF90529876136F3B9C.mlw
path: /opt/CAPEv2/storage/binaries/129ac4d502bba4d732d85e3db262ec3d048b77c217078b3cdfd03d4d865415e7
crc32: 1EF7B8AE
md5: e5cf90529876136f3b9cf1e806f6bc5a
sha1: 8120c1c81ed3acf1cf05c1df8d259883ce07c6fe
sha256: 129ac4d502bba4d732d85e3db262ec3d048b77c217078b3cdfd03d4d865415e7
sha512: 1a73da207698b9bef41f2dd0819b598e9125dd9d71e0604cc5adc95e5cdf9211e74531d65fa069a664c23b141a28ea540074a42d3f2be88c8493ea7aec3d9019
ssdeep: 98304:pLFAEak4uspdg3fJvIQhR305bF5ZJjDaABmDDv:skXIu05bRJfaABe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12416012132648C87FD2A56FA1411C500B7B22EC5D9DDC9C9BD9A35CE2EF5B834E28673
sha3_384: c383a20734ac0fa48af700207625e28459393f6d283f397c56b4aa62945a93eb7ad2f128c16925c595797d5f951680aa
ep_bytes: ff250020400000000000000000000000
timestamp: 2074-11-19 12:06:12

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: SkyCheats
FileVersion: 1.0.0.0
InternalName: MaloValo.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: MaloValo.exe
ProductName: SkyCheats
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/Heracles.SPAP!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Gen:Variant.MSILHeracles.38006
FireEye	Generic.mg.e5cf90529876136f
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	GenericRXTE-YF!E5CF90529876
ALYac	Gen:Variant.MSILHeracles.38006
Malwarebytes	Malware.AI.54918780
Sangfor	Trojan.Msil.Heracles.Vcia
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:MSIL/Heracles.0e4c5db5
K7GW	Trojan ( 700000121 )
K7AntiVirus	Trojan ( 700000121 )
Arcabit	Trojan.MSILHeracles.D9476
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/AntiVM.A suspicious
Cynet	Malicious (score: 99)
BitDefender	Gen:Variant.MSILHeracles.38006
Avast	Win32:MiscX-gen [PUP]
Emsisoft	Gen:Variant.MSILHeracles.38006 (B)
F-Secure	Trojan.TR/Redcap.ihdor
DrWeb	Trojan.Siggen17.51805
VIPRE	Gen:Variant.MSILHeracles.38006
TrendMicro	TROJ_GEN.R002C0DLD23
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	TR/Redcap.ihdor
MAX	malware (ai score=87)
Microsoft	Trojan:MSIL/Heracles.SPAP!MTB
GData	Gen:Variant.MSILHeracles.38006
Varist	W32/ABRisk.GJEV-2348
AhnLab-V3	Trojan/Win.Generic.C5121835
McAfee	GenericRXTE-YF!E5CF90529876
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0DLD23
Ikarus	Trojan-Downloader.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:MiscX-gen [PUP]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Heracles.SPAP!MTB?

Trojan:MSIL/Heracles.SPAP!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X