About “Trojan:Win32/Downloader.RPE!MTB” infection

The Trojan:Win32/Downloader.RPE!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Downloader.RPE!MTB virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Trojan:Win32/Downloader.RPE!MTB?


File Info:
name: 0A4F7EB7C6804E457C03.mlw
path: /opt/CAPEv2/storage/binaries/04938d0c13e972cb89202c9ff012f43ec07742db2440b8b205bba0bfa2b427ba
crc32: AEE03F43
md5: 0a4f7eb7c6804e457c03fcd85898982c
sha1: 811a37bf91dc743ffad361c7c0f8f986925b339c
sha256: 04938d0c13e972cb89202c9ff012f43ec07742db2440b8b205bba0bfa2b427ba
sha512: b5e9376fb3da13e99ac619f86e8582487a3f3e4a5592b40f3bb8be6f722787c9a07f3a9a18fa412686cc0b2b901bbbc1f84741a863e4fdeeddf0635467ab52ac
ssdeep: 49152:IXnK017+DkGffGDoKKnsdllnK84ZvcyJZRCjh3liv8VOKYBA7Nm59pK:oK017+nsdllnK84ZvcymYBA7N698
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DBE5E84EFAC450E1C9B784B918B31A4769B0DCEE0B0153C87DBD9056277DA69ECCD8B8
sha3_384: 3c8bfec4faff0cb68c3fb8af6647aac9ec1ad2c0d63c407f89235f946430827f45b71e2d7738196e231af9fafe90aece
ep_bytes: ff2500204000280029007b007d005b00
timestamp: 2020-01-30 01:29:13

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Skisploit
FileVersion: 2.0.2.0
InternalName: Skisploit.exe
LegalCopyright: Copyright ©  2018
LegalTrademarks: 
OriginalFilename: Skisploit.exe
ProductName: Skisploit
ProductVersion: 2.0.2.0
Assembly Version: 2.0.2.0

Trojan:Win32/Downloader.RPE!MTB also known as:

Lionic	Trojan.Win32.Perseus.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34020689
FireEye	Generic.mg.0a4f7eb7c6804e45
McAfee	Artemis!0A4F7EB7C680
Cylance	Unsafe
Zillya	Trojan.DllInject.Win32.3177
Sangfor	Trojan.Win32.Occamy.C04
K7AntiVirus	Unwanted-Program ( 00518a641 )
K7GW	Unwanted-Program ( 00518a641 )
Cybereason	malicious.7c6804
BitDefenderTheta	Gen:NN.ZemsilF.34114.!o0@auW7q4p
ESET-NOD32	a variant of MSIL/DllInject.WV potentially unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0DA922
BitDefender	Trojan.GenericKD.34020689
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.34020689
Emsisoft	Trojan.GenericKD.34020689 (B)
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DA922
McAfee-GW-Edition	Artemis!Trojan
Sophos	Generic PUA IB (PUA)
Ikarus	PUA.MSIL.Dllinject
GData	Trojan.GenericKD.34020689
Webroot	W32.Malware.Gen
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Win32.Occamy
Gridinsoft	Ransom.Win32.Occamy.oa!s1
Arcabit	Trojan.Generic.D2071D51
ViRobot	Trojan.Win32.Z.Dllinject.3121664
APEX	Malicious
Microsoft	Trojan:Win32/Downloader.RPE!MTB
ALYac	Trojan.GenericKD.34020689
Malwarebytes	Malware.AI.3334984174
Yandex	Riskware.Agent!mzbotwRFXKU
SentinelOne	Static AI – Suspicious PE
AVG	Win32:Malware-gen
MaxSecure	Trojan.Malware.74415778.susgen

How to remove Trojan:Win32/Downloader.RPE!MTB?

Trojan:Win32/Downloader.RPE!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X