Trojan:MSIL/RevengeRat.RVT!MTB removal

The Trojan:MSIL/RevengeRat.RVT!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/RevengeRat.RVT!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • CAPE detected the RevengeRAT malware family

How to identify Trojan:MSIL/RevengeRat.RVT!MTB?

File Info:

name: 49F557CA9A1D3F3691E1.mlw
path: /opt/CAPEv2/storage/binaries/303b8795b691cde534bc2f9d0840906f06dafb8b060bffeace29b317e1f18c6e
crc32: 3EAEA4FF
md5: 49f557ca9a1d3f3691e15ec44178ac7a
sha1: d0d967dde3482000f18f2b1b47671f2195cdf72b
sha256: 303b8795b691cde534bc2f9d0840906f06dafb8b060bffeace29b317e1f18c6e
sha512: beeeddc24320b711536088366f1539f3c078c31f02f2feabdf4873a0fb071b5d74dac03c4b982b116512af4e44bdfa425ef17c2b9d8f028154397a21c3cad0dd
ssdeep: 1536:KYqZFu3mfS8VATqOuSg2aOEK47zR80yk9whdS4MOH6Fae8qERNtfuQX3i3nMyIeK:KYgVAuE+W4B/114MPce8bV/ihIe/e7r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BCD34A05B78B8722C86C487508E7A15003B2AFDBAB3396573E8D725E57333935A587CD
sha3_384: 9852cb6af81795020ec1f59718fbd1b04a79addb68802949d30c4d28c00e51c88bba8279240b4d2693e3f14e8d69985f
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-11-21 03:59:00

Version Info:

CompanyName: Eziriz
FileDescription: .NET Reactor Setup
FileVersion: 6.9.0.0
InternalName: dotnet_reactor_setup_6_9_0_0.exe
LegalCopyright: Copyright © Eziriz
OriginalFilename: dotnet_reactor_setup_6_9_0_0.exe
LegalTrademarks:
ProductName: .NET Reactor
ProductVersion: 6.9.0.0
Translation: 0x0409 0x04b0

Trojan:MSIL/RevengeRat.RVT!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Skeeyah.4!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.SpyBotNET.20
MicroWorld-eScan: Gen:Variant.MSILHeracles.49692
ALYac: Gen:Variant.MSILHeracles.49692
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 005121fb1 )
K7AntiVirus: Trojan ( 005121fb1 )
BitDefenderTheta: Gen:NN.ZemsilF.34796.iq0@aKqVZLii
Cyren: W32/MSIL_Kryptik.AXY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.AZM
APEX: Malicious
ClamAV: Win.Dropper.LimeRAT-9776087-0
Kaspersky: HEUR:Trojan.MSIL.Skeeyah.gen
BitDefender: Gen:Variant.MSILHeracles.49692
Avast: Win32:RATX-gen [Trj]
Tencent: Msil.Trojan.Skeeyah.Ychl
Ad-Aware: Gen:Variant.MSILHeracles.49692
Emsisoft: Gen:Variant.MSILHeracles.49692 (B)
VIPRE: Gen:Variant.MSILHeracles.49692
TrendMicro: TROJ_GEN.R002C0DKL22
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.49f557ca9a1d3f36
Sophos: ML/PE-A
Ikarus: Trojan.MSIL.Injector
Google: Detected
Avira: TR/Dropper.Gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:MSIL/RevengeRat.RVT!MTB
Gridinsoft: Ransom.Win32.Skeeyah.sa
Arcabit: Trojan.MSILHeracles.DC21C
ZoneAlarm: HEUR:Trojan.MSIL.Skeeyah.gen
GData: Gen:Variant.MSILHeracles.49692
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Revenge.R353957
Acronis: suspicious
McAfee: Artemis!49F557CA9A1D
MAX: malware (ai score=88)
VBA32: Trojan.MSIL.DiscoStealer.Heur
Malwarebytes: Trojan.Crypt.MSIL
TrendMicro-HouseCall: TROJ_GEN.R002C0DKL22
Rising: Trojan.Generic@AI.99 (RDML:/DMGkh0Okvcj8qIDBTemQA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.AZM!tr
AVG: Win32:RATX-gen [Trj]
Cybereason: malicious.de3482
Panda: Trj/GdSda.A

How to remove Trojan:MSIL/RevengeRat.RVT!MTB?

Trojan:MSIL/RevengeRat.RVT!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.