Should I remove “Trojan:MSIL/NjRat.NEAD!MTB”?

The Trojan:MSIL/NjRat.NEAD!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/NjRat.NEAD!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Trojan:MSIL/NjRat.NEAD!MTB?


File Info:
name: 85EB1EC7FCECE2A631E6.mlw
path: /opt/CAPEv2/storage/binaries/95824cd1eab771e2b90c3437d927520258977ff34c8b53969d36352eb4802c91
crc32: C513D226
md5: 85eb1ec7fcece2a631e6fab7341c9044
sha1: b6d832e7f34e7c727dad1cc6e2ca42817ab10e67
sha256: 95824cd1eab771e2b90c3437d927520258977ff34c8b53969d36352eb4802c91
sha512: 1b41ea975fb2881c613c96c1d80109baffa19a6834806054c4b6ed68f03f9e222fb98eec374f7a0710fa23d28aaeeb6c402d861bf20e4530967a6fdf047cbecc
ssdeep: 3072:jaUb9bnWJDCS/WAHjpUK3fBzw/2bLDwhjhNZU:jxb9hSuADRZ0ILDwhjh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14404170073F8560BF6BF2BBAA87511500B36BD5BDA32D76C2D8124DD0DB2B54DA217A3
sha3_384: 242d67e5afcd273e51f5f91763ceb384545d79f9b7902ae77f6a58990cd43a10f674021b0581e4f6b484f2d7ccb3ee36
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-26 13:09:53

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: A. Pilet SA
FileDescription: Interrogation
FileVersion: 2.6.0.0
InternalName: Interrogation.exe
LegalCopyright: A. Pilet SA 2022
LegalTrademarks: 
OriginalFilename: Interrogation.exe
ProductName: 
ProductVersion: 2.6.0.0
Assembly Version: 2.6.0.0

Trojan:MSIL/NjRat.NEAD!MTB also known as:

Lionic	Trojan.MSIL.Bladabindi.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.62689014
FireEye	Trojan.GenericKD.62689014
McAfee	GenericRXUJ-II!85EB1EC7FCEC
Cylance	Unsafe
VIPRE	Trojan.GenericKD.62689014
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cyren	W32/ABRisk.EOJD-1222
Symantec	Trojan.Gen.MBT
Kaspersky	VHO:Backdoor.MSIL.Bladabindi.gen
BitDefender	Trojan.GenericKD.62689014
Avast	Win32:BackdoorX-gen [Trj]
Ad-Aware	Trojan.GenericKD.62689014
Emsisoft	Trojan.GenericKD.62689014 (B)
TrendMicro	TROJ_GEN.R002C0PJB22
McAfee-GW-Edition	GenericRXUJ-II!85EB1EC7FCEC
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.62689014
Google	Detected
MAX	malware (ai score=86)
Antiy-AVL	Trojan[Backdoor]/MSIL.Bladabindi
Kingsoft	Win32.Hack.Undef.(kcloud)
Arcabit	Trojan.Generic.D3BC8EF6
ZoneAlarm	VHO:Backdoor.MSIL.Bladabindi.gen
Microsoft	Trojan:MSIL/NjRat.NEAD!MTB
AhnLab-V3	Trojan/Win.II.C5275839
ALYac	Trojan.GenericKD.62689014
Malwarebytes	Malware.AI.1828851503
TrendMicro-HouseCall	TROJ_GEN.R002C0PJB22
Rising	Backdoor.Bladabindi!8.B1F (CLOUD)
MaxSecure	Trojan.Malware.73429756.susgen
Fortinet	PossibleThreat
AVG	Win32:BackdoorX-gen [Trj]
Panda	Trj/Chgt.AD

How to remove Trojan:MSIL/NjRat.NEAD!MTB?

Trojan:MSIL/NjRat.NEAD!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X