Trojan

How to remove “Trojan:Win32/OffLoader!MTB”?

Malware Removal

Trojan:Win32/OffLoader!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/OffLoader!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify Trojan:Win32/OffLoader!MTB?

File Info:

name: A788A2CE4C3B8C6AF4BE.mlw
path: /opt/CAPEv2/storage/binaries/0d3ebb1b2f6d06d7445b9caa46f81b717bdc1c89e86def5b1a08ae70859c7ecc
crc32: 4ADE2E91
md5: a788a2ce4c3b8c6af4be0c531e6e34d6
sha1: 3f806efb80ff964157baefdeba2e9d03d9b93c93
sha256: 0d3ebb1b2f6d06d7445b9caa46f81b717bdc1c89e86def5b1a08ae70859c7ecc
sha512: 0d3db7207b4d27aab6591ca3209d7fb86c3d84194f94569ef246d0b9a6e617b0e72d8db5cf16a49008e1d6e40fcabb9d83c3d73c62527bc3f8a057178dff6a07
ssdeep: 24576:s7FUDowAyrTVE3U5F/JpqKn/yJKic6QL3E2vVsjECUAQT45deRV9R+:sBuZrEU35WKIy029s4C1eH9Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD85CF3FF268A13EC4AE1B3245739210997BBA61B81A8C1E47FC344DCF765601E3B656
sha3_384: f994db68f2d1be675d6dddd048f3d5db645bcde3424d75b1c89191741a33cbe94e2ac25664a1341b8af7b6ce9347307b
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2023-02-15 14:54:16

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Bloons TD Battles 2 Trainer.exe Setup
FileVersion: 5.0.0.0
LegalCopyright: Bloons TD Battles 2 Trainer.exe
OriginalFileName:
ProductName: Bloons TD Battles 2 Trainer.exe
ProductVersion: 5.0
Translation: 0x0000 0x04b0

Trojan:Win32/OffLoader!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.OffLoader.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.30446
Skyhigh: BehavesLike.Win32.Trojan.tc
McAfee: Trojan-FVPO!A788A2CE4C3B
Malwarebytes: Adware.Bundler.Generic
VIPRE: Generic.Adware.Campaignz.B.F7D9F924
Sangfor: Adware.Win32.Offloader.Vtqw
K7AntiVirus: Trojan-Downloader ( 005a40d51 )
BitDefender: Generic.Adware.Campaignz.B.F7D9F924
K7GW: Trojan-Downloader ( 005a40d51 )
Symantec: PUA.Gen.2
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.GVR
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Downloader.Win32.OffLoader.gen
Alibaba: TrojanDownloader:Win32/OffLoader.a1fbdf2f
MicroWorld-eScan: Generic.Adware.Campaignz.B.F7D9F924
Sophos: Generic Reputation PUA (PUA)
F-Secure: Trojan.TR/Dldr.Agent.tcoja
TrendMicro: TROJ_GEN.R002C0DH623
FireEye: Generic.Adware.Campaignz.B.F7D9F924
Emsisoft: Generic.Adware.Campaignz.B.F7D9F924 (B)
SentinelOne: Static AI – Suspicious PE
Varist: W32/OffLoader.A.gen!Eldorado
Avira: TR/Dldr.Agent.tcoja
Microsoft: Trojan:Win32/OffLoader!MTB
Arcabit: Generic.Adware.Campaignz.B.F7D9F924
ZoneAlarm: HEUR:Trojan-Downloader.Win32.OffLoader.gen
GData: Generic.Adware.Campaignz.B.F7D9F924
Google: Detected
AhnLab-V3: Malware/Win.Generic.C5464805
ALYac: Generic.Adware.Campaignz.B.F7D9F924
MAX: malware (ai score=81)
DeepInstinct: MALICIOUS
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DH623
Tencent: Win32.Trojan-Downloader.Oader.Cdhl
Ikarus: PUA.INNO.Offer
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Agent
AVG: FileRepMalware [Misc]
Avast: FileRepMalware [Misc]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/OffLoader!MTB?

Trojan:Win32/OffLoader!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.