Should I remove “Trojan:MSIL/QuasarRat.NEAH!MTB”?

The Trojan:MSIL/QuasarRat.NEAH!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/QuasarRat.NEAH!MTB virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous .NET characteristics
Anomalous binary characteristics

How to determine Trojan:MSIL/QuasarRat.NEAH!MTB?


File Info:
name: 51689B947E89885330D6.mlw
path: /opt/CAPEv2/storage/binaries/6761a89eaf9a2308c3d9027760285dd95febd97cad07fe743c34702fa8e0c4a1
crc32: 9BF6252C
md5: 51689b947e89885330d6137e519e11b0
sha1: 07bb948086d6e6a0f0e3f47b21d76cf43fd89323
sha256: 6761a89eaf9a2308c3d9027760285dd95febd97cad07fe743c34702fa8e0c4a1
sha512: 9e92c58dc8b202f4330a0dfd575d3fa52545cef2040ccfe1b0f2e25c5a4e5fb51fca136d0fddbf860ebbe80cac9b3627473159c3cda6319fa2e4e18c8da370d4
ssdeep: 6144:+q3Xy8+BLhxtGSCB+6iv99I9pMavQIBOuRclPpvjoaZt81wWHIXbveC9J:+EsBbtHCB+6qsuaVB1KlPJPt7Te0
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1EBD4EA4F12DFAF83D3C4246075B641CE72D096C4C52936BBE4A66D460F8DDEC896A83B
sha3_384: 3ed84f1e80f0c3f4015a07f75b8c8369020fec8c557f41456bc809cb922206f3226bfbc03513590da659a3aeb0b61e35
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2023-04-22 19:05:21

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Uninstall Streamlabs OBS.exe
LegalCopyright:  
OriginalFilename: Uninstall Streamlabs OBS.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/QuasarRat.NEAH!MTB also known as:

Lionic	Trojan.Win32.Quasar.4!c
MicroWorld-eScan	Gen:Variant.Marsilia.27223
McAfee	Artemis!51689B947E89
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0059f7c31 )
Alibaba	Trojan:MSIL/Quasar.4a3b63f3
K7GW	Trojan ( 0059f7c31 )
Cyren	W64/MSIL_Kryptik.JGV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik_AGen.AKH
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Quasar.gen
BitDefender	Gen:Variant.Marsilia.27223
Avast	Win64:TrojanX-gen [Trj]
Tencent	Malware.Win32.Gencirc.13b82bdb
Emsisoft	Gen:Variant.Marsilia.27223 (B)
F-Secure	Trojan.TR/AD.Nekark.fcrpy
DrWeb	Trojan.DownLoaderNET.608
VIPRE	Gen:Variant.Marsilia.27223
TrendMicro	TROJ_GEN.R002C0DDP23
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.51689b947e898853
Sophos	Troj/DwnLd-AKV
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Marsilia.27223
Avira	TR/AD.Nekark.fcrpy
Arcabit	Trojan.Marsilia.D6A57
ZoneAlarm	HEUR:Trojan.MSIL.Quasar.gen
Microsoft	Trojan:MSIL/QuasarRat.NEAH!MTB
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.TrojanX-gen.C5388503
ALYac	Gen:Variant.Marsilia.27223
MAX	malware (ai score=84)
Malwarebytes	Trojan.Crypt.MSIL
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DDP23
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:WVnxKN6J+ZZT/CNKOCfmAg)
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.W32.MSIL.Quasar.gen_265937
Fortinet	MSIL/Kryptik.AKH!tr
AVG	Win64:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/QuasarRat.NEAH!MTB?

Trojan:MSIL/QuasarRat.NEAH!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X