Trojan:Win32/WhisperGate.ES!MTB information

The Trojan:Win32/WhisperGate.ES!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/WhisperGate.ES!MTB virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win32/WhisperGate.ES!MTB?


File Info:
name: B3F5F3FA29C404D62CEA.mlw
path: /opt/CAPEv2/storage/binaries/7d0e8645e7d805e7df349c2b93da73cb5efecd456c142257c5a1390d111d9dd3
crc32: AF133E53
md5: b3f5f3fa29c404d62ceaffd0c7be5958
sha1: 2257b9237e3e11c307aff801e0ce646f9777fe47
sha256: 7d0e8645e7d805e7df349c2b93da73cb5efecd456c142257c5a1390d111d9dd3
sha512: a601482aed4b60fe3b0428bb9563d98be908453954bd77f639763a68b997ebcef31cb70daba03de0634b064d8ae32a2eaf3047a744b63de234c30d426927cdbd
ssdeep: 768:xdvpEM3Yl3aSXlmQtakRcPP3lLuzZPKqEjeQJ+ABJCxGgO/2QgLR5:xd5YoKEQJ6PP3lLuBZEjR+ABJCIgO/2f
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1A0231A597E658CEBE651633E80EBC37B5B7CF5818B230B53B730BA305B137922494646
sha3_384: eb09f2ed8b5dcfb910f7f5bdde00e1e57b89094f9107e482c4087b91b6d5a31b9538009b1dde1878a81fe4abb591c389
ep_bytes: 83ec1cc7042401000000ff153c924000
timestamp: 2023-12-22 19:47:15

Version Info:
0: [No Data]

Trojan:Win32/WhisperGate.ES!MTB also known as:

Bkav	W32.Common.06458185
Lionic	Trojan.Win32.Dacic.4!c
Elastic	malicious (high confidence)
DrWeb	BACKDOOR.Trojan
MicroWorld-eScan	Generic.Dacic.1206.68E19D3A
FireEye	Generic.mg.b3f5f3fa29c404d6
Skyhigh	BehavesLike.Win32.Generic.pm
McAfee	Artemis!B3F5F3FA29C4
Malwarebytes	Trojan.Injector
Zillya	Trojan.AgentAGen.Win32.96149
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005b11261 )
Alibaba	Trojan:Win32/WhisperGate.6c9233a6
K7GW	Trojan ( 005b11261 )
Cybereason	malicious.a29c40
BitDefenderTheta	Gen:NN.ZexaF.36802.c0Y@aewk8pb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Agent_AGen.CZP
TrendMicro-HouseCall	TROJ_GEN.R002C0DAK24
ClamAV	Win.Trojan.Generic-10017566-0
Kaspersky	HEUR:Trojan.Win32.Shellex.gen
BitDefender	Generic.Dacic.1206.68E19D3A
NANO-Antivirus	Trojan.Win32.AgentAGen.kimmzi
Avast	Win32:Evo-gen [Trj]
Tencent	Trojan.Win32.Agent.hel
Emsisoft	Generic.Dacic.1206.68E19D3A (B)
F-Secure	Trojan.TR/Agent_AGen.uisgd
VIPRE	Generic.Dacic.1206.68E19D3A
TrendMicro	TROJ_GEN.R002C0DAK24
Trapmine	suspicious.low.ml.score
Sophos	Troj/Inject-JGZ
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=86)
Jiangmin	Trojan.Generic.bjgvg
Webroot
Google	Detected
Avira	TR/Agent_AGen.uisgd
Varist	W32/Kryptik.LIO.gen!Eldorado
Antiy-AVL	Trojan/Win32.Shellex
Microsoft	Trojan:Win32/WhisperGate.ES!MTB
Arcabit	Generic.Dacic.1206.68E19D3A
ZoneAlarm	HEUR:Trojan.Win32.Shellex.gen
GData	Win32.Trojan.PSE.11FY7F6
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.TrojanX-gen.R629788
ALYac	Generic.Dacic.1206.68E19D3A
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Trojan.Agent!8.B1E (TFE:5:iPzPAgCSifU)
Ikarus	Trojan.Win32.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.CZK!tr
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:Win32/WhisperGate.ES!MTB?

Trojan:Win32/WhisperGate.ES!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X