Trojan:MSIL/Remcos!MTB (file analysis)

The Trojan:MSIL/Remcos!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Remcos!MTB virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:MSIL/Remcos!MTB?


File Info:
name: F5C34502DC6BFA6A3422.mlw
path: /opt/CAPEv2/storage/binaries/e1eb708f47303b831f6eb0ddc846e21782e8f727dcb0088fcb997c3bf0d4dbd3
crc32: EEBB1EB6
md5: f5c34502dc6bfa6a3422017f506d333c
sha1: bcc954d5ce331788078014e4228d45708b241260
sha256: e1eb708f47303b831f6eb0ddc846e21782e8f727dcb0088fcb997c3bf0d4dbd3
sha512: 9389372ec49798b38876d5655ba51c23c5896e134c727181f1678ab922c7a668f61fe6f54dfc79356475b4061c96e2b5b24c9404892384145009183ff0d8f5a4
ssdeep: 24576:04444+yWQDTaaZdVbID9YNKIbTPO2MADn87SumJEVK87v4/yWjslSey4444:Dy5sAKiTPtn87jSLy4sY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12D2512FEBB68CE37D96D587DD412198282B72D51EA02DF9E7DE032EC6C773920102196
sha3_384: af57abd063906866fdb629c95fa4421209b1c90477357d92fafbf47b2ce8e7f15fbddadb8f7fc7a1367f5bbca46fb3dd
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-07 11:51:49

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Ziyi
FileVersion: 1.0.0.0
InternalName: uEuC.exe
LegalCopyright: Copyright ©  2011
LegalTrademarks: 
OriginalFilename: uEuC.exe
ProductName: Ziyi
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/Remcos!MTB also known as:

Lionic	Trojan.MSIL.Remcos.m!c
tehtris	Generic.Malware
DrWeb	Trojan.Inject4.42180
MicroWorld-eScan	Gen:Variant.Marsilia.10180
FireEye	Generic.mg.f5c34502dc6bfa6a
McAfee	RDN/Real Protect-LS
Cylance	unsafe
Zillya	Trojan.GenKryptik.Win32.153886
Sangfor	Backdoor.Msil.Remcos.Va8g
K7AntiVirus	Trojan ( 00599a371 )
Alibaba	Trojan:Win32/Kryptik.ali2000016
K7GW	Trojan ( 00599a371 )
Cybereason	malicious.5ce331
VirIT	Trojan.Win32.MSIL_Heur.B
Cyren	W32/MSIL_Kryptik.DWR.gen!Eldorado
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.FZTU
Avast	Win32:RATX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Backdoor.MSIL.Remcos.gen
BitDefender	Gen:Variant.Marsilia.10180
NANO-Antivirus	Trojan.Win32.Remcos.jsgzrt
Tencent	Malware.Win32.Gencirc.13b9f685
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1323752
VIPRE	Gen:Variant.Marsilia.10180
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Marsilia.10180 (B)
GData	Gen:Variant.Marsilia.10180
Jiangmin	Backdoor.MSIL.fxzc
Webroot	W32.Trojan.Remcos
Avira	HEUR/AGEN.1323752
Antiy-AVL	Trojan/MSIL.GenKryptik
Arcabit	Trojan.Marsilia.D27C4
ZoneAlarm	HEUR:Backdoor.MSIL.Remcos.gen
Microsoft	Trojan:MSIL/Remcos!MTB
Google	Detected
AhnLab-V3	Trojan/Win.RunPE.C5233183
VBA32	TScope.Trojan.MSIL
MAX	malware (ai score=100)
Malwarebytes	Trojan.MalPack.PNG.Generic
Panda	Trj/Chgt.AD
APEX	Malicious
Rising	Backdoor.Remcos!8.B89E (CLOUD)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.73696032.susgen
Fortinet	MSIL/GenKryptik.FZTU!tr
AVG	Win32:RATX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/Remcos!MTB?

Trojan:MSIL/Remcos!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X