About “Trojan:MSIL/Malgent!MTB” infection

Trojan:MSIL/Malgent!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:MSIL/Malgent!MTB virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/Malgent!MTB?

File Info:

name: F9C0EB3E094A84221AF3.mlw
path: /opt/CAPEv2/storage/binaries/b1e1b85a232344d324c613aca77b00a9b0dfd76f6a250e10b2db2fc341b87aee
crc32: F34D66F5
md5: f9c0eb3e094a84221af3881c13465599
sha1: 70592c3f1e1816d121a875db012b0cc1df14e676
sha256: b1e1b85a232344d324c613aca77b00a9b0dfd76f6a250e10b2db2fc341b87aee
sha512: 579d612d1d59f63437e4d4125d6bee2e97b65f0eca7dfbfebf602e3173353e977a9e49592a1b3376a6080f917ba11ca07a5881b87fe0364dad7c43ddd1b2fb38
ssdeep: 6144:Xe3Bhj1eb1dY9R92waF9S95NnwY0ozR5spzvSrnHefQOWdFQJvUhq36Fz:XDO9No85GY0YR5VrnHefgd6JvUe6Fz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16305382632ECE163FC448D740C6E73BD16E67D720EDCC78E768CEA6A15B9694D12900E
sha3_384: 98b8c911877164a228e0cd4d1912516c485d9034081f60ae55726faa60b27e1a338e1c43c90bb6ab89692d1aaf00de2d
ep_bytes: ff250020400000000000000000000000
timestamp: 2087-01-18 07:47:30

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Microsoft
FileDescription: 网络锁客户端
FileVersion: 1.0.0.0
InternalName: 网络锁客户端.exe
LegalCopyright: Copyright © Microsoft 2023
LegalTrademarks:
OriginalFilename: 网络锁客户端.exe
ProductName: 网络锁客户端
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/Malgent!MTB is also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: IL:Trojan.MSILZilla.44280
FireEye: IL:Trojan.MSILZilla.44280
Malwarebytes: Malware.AI.4247324323
Sangfor: Trojan.Win32.Agent.Vvoh
CrowdStrike: win/malicious_confidence_90% (W)
BitDefender: IL:Trojan.MSILZilla.44280
VIPRE: IL:Trojan.MSILZilla.44280
Emsisoft: IL:Trojan.MSILZilla.44280 (B)
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Win32.Agent
Microsoft: Trojan:MSIL/Malgent!MTB
Arcabit: IL:Trojan.MSILZilla.DACF8
GData: IL:Trojan.MSILZilla.44280
Google: Detected
ALYac: IL:Trojan.MSILZilla.44280
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H09AE24
Ikarus: Trojan.IL.MSILZilla
MaxSecure: Trojan.Malware.220179445.susgen
Fortinet: PossibleThreat
Cybereason: malicious.e094a8
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/MSILZilla

How to remove Trojan:MSIL/Malgent!MTB?

Trojan:MSIL/Malgent!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
