Should I remove “Trojan:MSIL/QuasarRat.NEAH!MTB”?

The Trojan:MSIL/QuasarRat.NEAH!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/QuasarRat.NEAH!MTB virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Anomalous binary characteristics

How to identify Trojan:MSIL/QuasarRat.NEAH!MTB?

File Info:

name: 51689B947E89885330D6.mlw
path: /opt/CAPEv2/storage/binaries/6761a89eaf9a2308c3d9027760285dd95febd97cad07fe743c34702fa8e0c4a1
crc32: 9BF6252C
md5: 51689b947e89885330d6137e519e11b0
sha1: 07bb948086d6e6a0f0e3f47b21d76cf43fd89323
sha256: 6761a89eaf9a2308c3d9027760285dd95febd97cad07fe743c34702fa8e0c4a1
sha512: 9e92c58dc8b202f4330a0dfd575d3fa52545cef2040ccfe1b0f2e25c5a4e5fb51fca136d0fddbf860ebbe80cac9b3627473159c3cda6319fa2e4e18c8da370d4
ssdeep: 6144:+q3Xy8+BLhxtGSCB+6iv99I9pMavQIBOuRclPpvjoaZt81wWHIXbveC9J:+EsBbtHCB+6qsuaVB1KlPJPt7Te0
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1EBD4EA4F12DFAF83D3C4246075B641CE72D096C4C52936BBE4A66D460F8DDEC896A83B
sha3_384: 3ed84f1e80f0c3f4015a07f75b8c8369020fec8c557f41456bc809cb922206f3226bfbc03513590da659a3aeb0b61e35
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2023-04-22 19:05:21

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: Uninstall Streamlabs OBS.exe
LegalCopyright:
OriginalFilename: Uninstall Streamlabs OBS.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/QuasarRat.NEAH!MTB also known as:

Lionic: Trojan.Win32.Quasar.4!c
MicroWorld-eScan: Gen:Variant.Marsilia.27223
McAfee: Artemis!51689B947E89
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0059f7c31 )
Alibaba: Trojan:MSIL/Quasar.4a3b63f3
K7GW: Trojan ( 0059f7c31 )
Cyren: W64/MSIL_Kryptik.JGV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik_AGen.AKH
APEX: Malicious
Kaspersky: HEUR:Trojan.MSIL.Quasar.gen
BitDefender: Gen:Variant.Marsilia.27223
Avast: Win64:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13b82bdb
Emsisoft: Gen:Variant.Marsilia.27223 (B)
F-Secure: Trojan.TR/AD.Nekark.fcrpy
DrWeb: Trojan.DownLoaderNET.608
VIPRE: Gen:Variant.Marsilia.27223
TrendMicro: TROJ_GEN.R002C0DDP23
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.51689b947e898853
Sophos: Troj/DwnLd-AKV
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Marsilia.27223
Avira: TR/AD.Nekark.fcrpy
Arcabit: Trojan.Marsilia.D6A57
ZoneAlarm: HEUR:Trojan.MSIL.Quasar.gen
Microsoft: Trojan:MSIL/QuasarRat.NEAH!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.TrojanX-gen.C5388503
ALYac: Gen:Variant.Marsilia.27223
MAX: malware (ai score=84)
Malwarebytes: Trojan.Crypt.MSIL
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DDP23
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:WVnxKN6J+ZZT/CNKOCfmAg)
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.W32.MSIL.Quasar.gen_265937
Fortinet: MSIL/Kryptik.AKH!tr
AVG: Win64:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/QuasarRat.NEAH!MTB?

Trojan:MSIL/QuasarRat.NEAH!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
