Trojan:Win32/OffLoader.ASV!MTB removal instruction

Trojan:Win32/OffLoader.ASV!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/OffLoader.ASV!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify Trojan:Win32/OffLoader.ASV!MTB?

File Info:

name: D819311AE7F0DBFCEDF2.mlw
path: /opt/CAPEv2/storage/binaries/1da427a46c35c46243dee1222ffba121e09bd8e219eebfc0f044e9f2104a3aad
crc32: D699FAA0
md5: d819311ae7f0dbfcedf2120de96022a3
sha1: a64c7ea2c89e0faeec608c04cca6356c30e629b0
sha256: 1da427a46c35c46243dee1222ffba121e09bd8e219eebfc0f044e9f2104a3aad
sha512: 2e254569feed7cfebcef51794ebd2c53926218e33f73fcb7ea8f7181372cc3ad6086885c396849dfacf92613dfd64ebe5cb92ca942e53ece33b777b4773a7a06
ssdeep: 24576:s7FUDowAyrTVE3U5F/FpqKnp4Kic6QL3E2vVsjECUAQT45deRV9RR:sBuZrEUj5p4KIy029s4C1eH9H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B085CF3FF268A13EC5AA1B3245739320997BBA51B81A8C1E07FC344DCF765601E3B656
sha3_384: 1b2713522050e2c8b6504b41079394572d75077d15d4aa077271652bc55bbab123045bbe2cc0b8b89da49fce55cb802d
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2023-02-15 14:54:16

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: besplatnyy-klyuch-dlya-keyran.exe Setup
FileVersion: 5.0.0.0
LegalCopyright: besplatnyy-klyuch-dlya-keyran.exe
OriginalFileName:
ProductName: besplatnyy-klyuch-dlya-keyran.exe
ProductVersion: 5.0
Translation: 0x0000 0x04b0

Trojan:Win32/OffLoader.ASV!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Campaignz.a!c
DrWeb: Trojan.PWS.Stealer.30446
MicroWorld-eScan: Generic.Adware.Campaignz.B.5007B778
FireEye: Generic.Adware.Campaignz.B.5007B778
Skyhigh: BehavesLike.Win32.Trojan.tc
McAfee: Trojan-FVPO!D819311AE7F0
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Adware.Win32.Offloader.Vb1x
K7AntiVirus: Trojan-Downloader ( 005a40d51 )
Alibaba: TrojanDownloader:Win32/OffLoader.3a74d1c1
K7GW: Trojan-Downloader ( 005a40d51 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: PUA.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.GVR
APEX: Malicious
Kaspersky: HEUR:Trojan-Downloader.Win32.OffLoader.gen
BitDefender: Generic.Adware.Campaignz.B.5007B778
Avast: FileRepMalware [Misc]
Tencent: Win32.Trojan-Downloader.Oader.Ymhl
Emsisoft: Generic.Adware.Campaignz.B.5007B778 (B)
Google: Detected
F-Secure: Trojan.TR/Dldr.Agent.pszvj
VIPRE: Generic.Adware.Campaignz.B.5007B778
TrendMicro: TROJ_GEN.R002C0DB424
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Generic.Adware.Campaignz.B.5007B778
Varist: W32/OffLoader.A.gen!Eldorado
Avira: TR/Dldr.Agent.pszvj
MAX: malware (ai score=83)
Arcabit: Generic.Adware.Campaignz.B.5007B778
ViRobot: Trojan.Win.Z.Offloader.1766828
ZoneAlarm: HEUR:Trojan-Downloader.Win32.OffLoader.gen
Microsoft: Trojan:Win32/OffLoader.ASV!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Campaignz.C5471485
ALYac: Generic.Adware.Campaignz.B.5007B778
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DB424
Rising: Downloader.Agent/IFPS!1.EB30 (CLASSIC)
Ikarus: PUA.INNO.Offer
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Agent
AVG: FileRepMalware [Misc]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/OffLoader.ASV!MTB?

Trojan:Win32/OffLoader.ASV!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.