Trojan:MSIL/SpyNoon.RPX!MTB malicious file

The Trojan:MSIL/SpyNoon.RPX!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/SpyNoon.RPX!MTB virus can do?

Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Trojan:MSIL/SpyNoon.RPX!MTB?


File Info:
name: CE3272E6988DA37A38E7.mlw
path: /opt/CAPEv2/storage/binaries/086687e90c29cc6decf60aea8947579470a9706850abddfa3335adce20b0a119
crc32: B7993D30
md5: ce3272e6988da37a38e72ed2d490f046
sha1: 3816e4c54a03b09a8f2c8583faaf9f318a007811
sha256: 086687e90c29cc6decf60aea8947579470a9706850abddfa3335adce20b0a119
sha512: 0346ef9fe930e6a6889f0a256f86c2e1b96539273afd796cd45d174ba6a2f62a3133e11860e33bd9c0faa232818c3e4d5befcf5087898229e082a96a82330d9f
ssdeep: 48:6bLMAHctgOeg92hdWXyYKrpzFlYj0NMw5LSb9pa2JsV0ZqT54tosl0cwFWpfbNtm:NA8T2hd9zzFl1dF2JsVIbySzNt
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T19891830593F84736E9778732ADB253005ABDF710AC57CB6C24C4A29BAD273544E32AB1
sha3_384: 58815e17827d34660289c417cebbf58f8a03f6ac38f75dbd6e1a63d56e76e9267577b3b9aa11b422428b6e2e6e29c99c
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2078-08-02 23:28:06

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Family
FileVersion: 1.0.0.0
InternalName: JohnPorkSociety.exe
LegalCopyright: Copyright ©  2024
LegalTrademarks: 
OriginalFilename: JohnPorkSociety.exe
ProductName: Family
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/SpyNoon.RPX!MTB also known as:

Bkav	W64.AIDetectMalware.CS
MicroWorld-eScan	Gen:Variant.Zusy.531851
Malwarebytes	Trojan.Downloader.MSIL
VirIT	Trojan.Win64.MSIL_Heur.A
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.QDO
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.MSIL.Agent.gen
BitDefender	Gen:Variant.Zusy.531851
Avast	Win64:MalwareX-gen [Trj]
Emsisoft	Gen:Variant.Zusy.531851 (B)
DrWeb	Trojan.DownLoad4.16138
VIPRE	Gen:Variant.Zusy.531851
Sophos	Troj/MSILAg-AD
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Zusy.531851
Varist	W64/KryptoCibule.A.gen!Eldorado
Arcabit	Trojan.Zusy.D81D8B
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Agent.gen
Microsoft	Trojan:MSIL/SpyNoon.RPX!MTB
Google	Detected
AhnLab-V3	Trojan/Win.SpyNoon.C5570414
ALYac	Gen:Variant.Zusy.531851
TACHYON	Trojan-Downloader/W64.Agent.4608
Ikarus	Trojan.MSIL.SpyNoon
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.88EA!tr
AVG	Win64:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan:MSIL/SpyNoon.RPX!MTB?

Trojan:MSIL/SpyNoon.RPX!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X