What is “VirTool:MSIL/Dropgent!MTB”?

The VirTool:MSIL/Dropgent!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VirTool:MSIL/Dropgent!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine VirTool:MSIL/Dropgent!MTB?


File Info:
name: A4405DCF70776C43B4D7.mlw
path: /opt/CAPEv2/storage/binaries/d40ade27f93e1aea2fea0278b58d37806450d711516817b418011589a6367c0d
crc32: 68348377
md5: a4405dcf70776c43b4d772dadbe27420
sha1: 94be93c3fbbe6ba3181dafebffe3d6bdccaedca2
sha256: d40ade27f93e1aea2fea0278b58d37806450d711516817b418011589a6367c0d
sha512: 21a7718e7b7f742ccb8ce8717227952da8dbc0b486c89749180f03f5090dda8474ecdbd733db36d55f10fcab39ce3c6f92951582a9d23bbe5e94d9d0a9223d2f
ssdeep: 192:lOcZcUkyw/HQz6Q37bol0TjcaYae6KeWrBmWk:lOHUkT/u6Q37bu8QaYa2eWrBmW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11922EA1267D4573AEA724B374C6792405736B712EC3ADB2F18C8181FADA33510EE3B65
sha3_384: f7bca4f76e3907b4f46e5c86d27d1abd2d3e41d5d851370067516535e7425546ec148f7e48112d31d3607a7fdb7556cb
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-12-16 04:05:21

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual Studio 2017
FileVersion: 15.9.28307.905 built by: D15.9
InternalName: devenv.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: devenv.exe
ProductName: Microsoft® Visual Studio®
ProductVersion: 15.9.28307.905
Translation: 0x0409 0x04b0

VirTool:MSIL/Dropgent!MTB also known as:

Lionic	Trojan.Win32.Ursu.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ursu.731674
FireEye	Gen:Variant.Ursu.731674
McAfee	Dropper-FXG!A4405DCF7077
VIPRE	Gen:Variant.Ursu.731674
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0055d7901 )
Alibaba	VirTool:MSIL/Dropgent.acddfc86
K7GW	Trojan ( 0055d7901 )
Cybereason	malicious.f70776
BitDefenderTheta	Gen:NN.ZemsilF.36250.am0@amJaEaci
Cyren	W32/MSIL_Kryptik.HT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.EMD
APEX	Malicious
BitDefender	Gen:Variant.Ursu.731674
Avast	Win32:Trojan-gen
Tencent	Win32.Trojan.Agen.Uimw
Emsisoft	Gen:Variant.Ursu.731674 (B)
F-Secure	Heuristic.HEUR/AGEN.1323670
TrendMicro	TROJ_GEN.R002C0DF823
McAfee-GW-Edition	Dropper-FXG!A4405DCF7077
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Injector
GData	Gen:Variant.Ursu.731674
Google	Detected
Avira	HEUR/AGEN.1323670
Antiy-AVL	HackTool[VirTool]/MSIL.Dropgent
Arcabit	Trojan.Ursu.DB2A1A
Microsoft	VirTool:MSIL/Dropgent!MTB
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ursu.731674
MAX	malware (ai score=85)
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DF823
Rising	Trojan.Starter!1.C2A9 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.EMD!tr.dldr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove VirTool:MSIL/Dropgent!MTB?

VirTool:MSIL/Dropgent!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X