Trojan:MSIL/WebShell.HNA!MTB information

The Trojan:MSIL/WebShell.HNA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/WebShell.HNA!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/WebShell.HNA!MTB?


File Info:
name: F9B6E4FD8C4CFE52D4F5.mlw
path: /opt/CAPEv2/storage/binaries/084ecaf81fd8494cfc5f1cf6bc7c5f11a74f45acbd281512110bce6d44120646
crc32: 6D57E195
md5: f9b6e4fd8c4cfe52d4f571487f2fa863
sha1: c7d34d12545cd66e6b70f47162876bca3fd8adc9
sha256: 084ecaf81fd8494cfc5f1cf6bc7c5f11a74f45acbd281512110bce6d44120646
sha512: 134cb6bcbc239a302353f10daf146c7b03ac5d47fac78bfc04c24aeff3e49d563654c10ead53551251eb51a7b980b83937b078e28bcc329d8d79e73654027fe4
ssdeep: 384:+sQ8Q/BGtL58KXjI/LLXOgXWeZzDeINEx7Yxe2oyYFTTleR94yElxWZ:5BnE/L7OHeZnEYkyYF6xH
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1460394126AD04127C1B785B95631A759FEA7A107E73ADA0834FC268B9FF3E108C137A5
sha3_384: 08e05a2c37e1222a79531ef7c78016329e6c9e57ef031eb11939ef5bdb9b6045a0361c35f482b2785f0586bb4720b1d2
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-04-20 20:46:23

Version Info:
0: [No Data]

Trojan:MSIL/WebShell.HNA!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.133487
FireEye	Gen:Variant.MSILHeracles.133487
ALYac	Gen:Variant.MSILHeracles.133487
VIPRE	Gen:Variant.MSILHeracles.133487
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Agent.EJA
TrendMicro-HouseCall	TROJ_GEN.R011C0DDM24
Avast	Win32:BackdoorX-gen [Trj]
ClamAV	Win.Packed.Webshell-10013238-0
Kaspersky	HEUR:Backdoor.MSIL.WebShell.gen
BitDefender	Gen:Variant.MSILHeracles.133487
Emsisoft	Gen:Variant.MSILHeracles.133487 (B)
F-Secure	Trojan.TR/Agent.cxpqd
DrWeb	BackDoor.WebshellNET.7
Zillya	Trojan.Agent.Win32.3891575
TrendMicro	TROJ_GEN.R011C0DDM24
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.MSILHeracles.133487
Google	Detected
Avira	TR/Agent.cxpqd
Antiy-AVL	Trojan[Backdoor]/MSIL.WebShell
Arcabit	Trojan.MSILHeracles.D2096F
ZoneAlarm	HEUR:Backdoor.MSIL.WebShell.gen
Microsoft	Trojan:MSIL/WebShell.HNA!MTB
AhnLab-V3	Trojan/Win.Backdoor.C5572694
MAX	malware (ai score=82)
Panda	Trj/GdSda.A
Ikarus	Trojan.MSIL.Agent
Fortinet	MSIL/Agent.EJA!tr
AVG	Win32:BackdoorX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/WebShell.HNA!MTB?

Trojan:MSIL/WebShell.HNA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X