VirTool:MSIL/Meagre.A!MTB malicious file

The VirTool:MSIL/Meagre.A!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VirTool:MSIL/Meagre.A!MTB virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine VirTool:MSIL/Meagre.A!MTB?


File Info:
name: 135E61A1C495B77A4723.mlw
path: /opt/CAPEv2/storage/binaries/c90b85714d0e0a18a9365c237fc29176654907deca3192b39fee799544d3dacd
crc32: E1AB69B7
md5: 135e61a1c495b77a4723ba18a07f6489
sha1: 6186a272255936926d801ac357f4e1ca06c9fe46
sha256: c90b85714d0e0a18a9365c237fc29176654907deca3192b39fee799544d3dacd
sha512: e62e612788ca19297fa9a2df0867a71a4a41ab517a55793ccb14601598c0f972144710498078fc163dad0d55d6b99399a634c5c9138c112fd626bbd3e1f37edd
ssdeep: 6144:OcLoYrGOsuYzDt5mCZ/X0+IOpBkPmYymVWGhP4ChW0oe1yda5MjJCrpWWeEYW5A:Oyo6JTKM0X06BkPmzmVWmP6UcKmee
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15694BE7AABE52FEBF43E0B720051260463F0D2820602E75B3DD842E45E967DD6B6F197
sha3_384: 7db2272dded60a8857d08e1b953550127fb8c2f2f83954a6bbdb59f52dac2c320c685fb7eed6cc05809a8a1eac515435
ep_bytes: ff250020400000000000000000000000
timestamp: 2006-04-30 00:36:08

Version Info:
Translation: 0x0000 0x04b0
Comments: IJ747DA6J<5;:CGF
CompanyName: =52G<:CGI9229HA65
FileDescription: =IEB5>2;E2I4@A?:?
FileVersion: 2.4.5.6
InternalName: bucrem.exe
LegalCopyright: Copyright © 1996 =52G<:CGI9229HA65
OriginalFilename: bucrem.exe
ProductName: =IEB5>2;E2I4@A?:?
ProductVersion: 2.4.5.6
Assembly Version: 1.0.0.0

VirTool:MSIL/Meagre.A!MTB also known as:

MicroWorld-eScan	Gen:Variant.MSILHeracles.99020
FireEye	Generic.mg.135e61a1c495b77a
ALYac	Gen:Variant.MSILHeracles.99020
Malwarebytes	Malware.AI.4079529339
VIPRE	Gen:Variant.MSILHeracles.99020
K7AntiVirus	Trojan ( 005a96251 )
K7GW	Trojan ( 005a96251 )
Cybereason	malicious.225593
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Kryptik.DSR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AJIG
APEX	Malicious
Kaspersky	not-a-virus:HEUR:AdWare.Win32.Generic
BitDefender	Gen:Variant.MSILHeracles.99020
Avast	Win32:RansomX-gen [Ransom]
Tencent	Win32.AdWare.Generic.Dzlw
Emsisoft	Gen:Variant.MSILHeracles.99020 (B)
F-Secure	Trojan.TR/AD.Nekark.vmrqz
McAfee-GW-Edition	BehavesLike.Win32.Generic.gh
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan-Ransom.Filecoder.6CQ0OD@gen
Google	Detected
Avira	TR/AD.Nekark.vmrqz
Arcabit	Trojan.MSILHeracles.D182CC
ZoneAlarm	not-a-virus:HEUR:AdWare.Win32.Generic
Microsoft	VirTool:MSIL/Meagre.A!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Leonem.C5463892
McAfee	Artemis!135E61A1C495
MAX	malware (ai score=88)
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.94 (RDM.MSIL2:FJ2b9ZoaL3RLjY+l0on6Uw)
Ikarus	Trojan.Inject
Fortinet	MSIL/Kryptik.AJIG!tr
BitDefenderTheta	Gen:NN.ZemsilF.36348.Bm0@aqVgC8d
AVG	Win32:RansomX-gen [Ransom]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove VirTool:MSIL/Meagre.A!MTB?

VirTool:MSIL/Meagre.A!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X