About “Trojan:MSIL/Injector.CP!MTB” infection

The Trojan:MSIL/Injector.CP!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Injector.CP!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Injector.CP!MTB?


File Info:
name: 487A5304DFA9F947339F.mlw
path: /opt/CAPEv2/storage/binaries/bc2daead2495b105daf35672cf27e9784268bc4f89e0c8e6ff541491aa0de4ff
crc32: 63A0F092
md5: 487a5304dfa9f947339fcf7d5ae552f5
sha1: 225fb8b7e03c449eaa0ff8ab65fb9d8f35c4b903
sha256: bc2daead2495b105daf35672cf27e9784268bc4f89e0c8e6ff541491aa0de4ff
sha512: a3ddb169963a88c02b813ecc934dc6a108160f5f44c2a5821608f8963e486f2b9726dabe5ff244a2aaa818f223baca6686384bf21d75617e6928b991fd3f7514
ssdeep: 384:arScHnC6Z0PL+zvXXPm+PP+yX/2qfP/mLn22X+XWu+mePXDn22X+XW7n22X+XWeb:hcpE+zvXXPm+PP+yX/2qfP/mLn22X+Xr
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1D952833AE78A5DB0EADFDBB914E202130A30D4D60A13DBDE64C453B7FB852D2855036D
sha3_384: 39cb4b8f59ec2734fca3482632bc83ea3ddeac0ee2d5b87383d54ef2ab6eb2ae2d7bf806eb06588d69ae247d56757f95
ep_bytes: ff250020001000000000000000000000
timestamp: 2021-10-19 13:07:22

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: igkhntja.dll
LegalCopyright:  
OriginalFilename: igkhntja.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Injector.CP!MTB also known as:

Bkav	W32.AIDetectMalware.CS
DrWeb	Trojan.Siggen11.62021
MicroWorld-eScan	Gen:Variant.Tedy.1958
Skyhigh	Trojan-FTXB!487A5304DFA9
McAfee	Trojan-FTXB!487A5304DFA9
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:MSIL/Injector.ef618d13
K7GW	Trojan ( 00588a941 )
K7AntiVirus	Trojan ( 00588a941 )
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Runner.AT
APEX	Malicious
ClamAV	Win.Packed.Bulz-9891112-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Tedy.1958
Avast	Win32:MalwareX-gen [Trj]
Tencent	Trojan.Win32.Injector.hf
Emsisoft	Gen:Variant.Tedy.1958 (B)
F-Secure	Trojan.TR/Dropper.Gen
VIPRE	Gen:Variant.Tedy.1958
FireEye	Generic.mg.487a5304dfa9f947
Sophos	Troj/MSILIn-BFE
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=84)
Google	Detected
Avira	TR/Dropper.Gen
Varist	W32/MSIL_Troj.C.gen!Eldorado
Antiy-AVL	Trojan/Win32.Generic
Microsoft	Trojan:MSIL/Injector.CP!MTB
Xcitium	Malware@#qdjjy19isxvr
Arcabit	Trojan.Tedy.D7A6
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Tedy.1958
AhnLab-V3	Trojan/Win32.RL_Generic.C4334637
VBA32	TScope.Trojan.MSIL
ALYac	Gen:Variant.Tedy.1958
Cylance	unsafe
Panda	Trj/GdSda.A
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.VKE!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/Injector.CP!MTB?

Trojan:MSIL/Injector.CP!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X