What is “Trojan:MSIL/Nekark.MBFQ!MTB”?

The Trojan:MSIL/Nekark.MBFQ!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Nekark.MBFQ!MTB virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
.NET file is packed/obfuscated with SmartAssembly
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Nekark.MBFQ!MTB?


File Info:
name: 851BE974C3D648404C71.mlw
path: /opt/CAPEv2/storage/binaries/b0ec60381748dd1ca586e699274426da2171c06cbdf6584da7cb9045daf4c680
crc32: C458C91F
md5: 851be974c3d648404c716cb511a8ebc3
sha1: c4c88eb6c0955f19b38505d6570d52c1a88e04ac
sha256: b0ec60381748dd1ca586e699274426da2171c06cbdf6584da7cb9045daf4c680
sha512: cf0d1bd17b973e7459f8165722ad3d98f7abfb00c591b62fad3e63465ea488d07863c9d7b4408742eb98ae20f2f206bb0b4129bef61e1d76c0c90766b4c59058
ssdeep: 98304:oJTaF1hD9aRCITipCpy5wpRSyxk5UZzgzaMVb+q6lU4ol0p0PLzB1QuSBXGu:NF1hDv3syGpRS6k5MzcaMVCq6lpLp0fg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CD36337EB391AEF5C16E0AB380A1E2D02374F036275BD74759A72E911C2E35C4DE258B
sha3_384: f50382d30a4f9d75ac7ede833393130dce873e8f3a5f02c1f1c43dcb860202fff1ecf643429f534fb8250ebb9e1fd469
ep_bytes: 
timestamp: 2023-12-07 08:57:52

Version Info:
0: [No Data]

Trojan:MSIL/Nekark.MBFQ!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.70999438
FireEye	Trojan.GenericKD.70999438
Skyhigh	BehavesLike.Win32.Generic.rc
Zillya	Trojan.Kryptik.Win32.4391728
Alibaba	Trojan:MSIL/Nekark.891d78fe
Arcabit	Trojan.Generic.D43B5D8E
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Kryptik.AHUA
ClamAV	Win.Packed.Generic-10016656-0
BitDefender	Trojan.GenericKD.70999438
Tencent	Msil.Trojan.Kryptik.Yolw
Sophos	Mal/Generic-S
DrWeb	Trojan.PackedNET.2523
VIPRE	Trojan.GenericKD.70914064
Trapmine	suspicious.low.ml.score
Emsisoft	Trojan.GenericKD.70999438 (B)
Ikarus	Trojan.MSIL.Crypt
Jiangmin	TrojanSpy.MSIL.dchi
Varist	W32/MSIL_Agent.GZG.gen!Eldorado
Xcitium	Heur.Corrupt.PE@1z141z3
Microsoft	Trojan:MSIL/Nekark.MBFQ!MTB
GData	Trojan.GenericKD.70999438
Google	Detected
ALYac	Trojan.GenericKD.70914064
MAX	malware (ai score=83)
Malwarebytes	Malware.AI.1383527383
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:vl6D6XDiUIu0hFoi0bKprg)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Kryptik.AHUA!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

How to remove Trojan:MSIL/Nekark.MBFQ!MTB?

Trojan:MSIL/Nekark.MBFQ!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X