Threat Database Trojans Trojan.Agent.MPSO

Trojan.Agent.MPSO

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 27,336
Threat Level: 80 % (High)
Infected Computers: 1
First Seen: June 13, 2026
Last Seen: June 22, 2026
OS(es) Affected: Windows

Security researchers have identified a threat detected as Trojan.Agent.MPSO. This detection flag is applied to a suspicious Windows PE executable that lacks a valid digital signature. Because the file is unsigned and operates as a standard executable, it falls outside the boundaries of trusted, verified software. Users are strongly advised to treat this detection seriously and take appropriate steps to identify and remove the associated files from their systems.

What Is Trojan.Agent.MPSO?

Trojan.Agent.MPSO is a detection name used for a Windows PE executable that exhibits behavior or characteristics consistent with trojan activity. A Windows PE (Portable Executable) file is a standard format for executables, DLLs, and other core components in the Windows operating system. In the context of this threat, the file is not accompanied by a digital signature. A digital signature is typically used by legitimate software developers to verify the publisher and ensure that the file has not been tampered with since its creation. The absence of a signature means the file cannot be cryptographically tied to a known, trusted developer, which is a common trait among unauthorized or malicious software.

How Trojan.Agent.MPSO Operates

As a Windows PE executable, Trojan.Agent.MPSO relies on being executed directly by the user or through another process on the system. Once launched, trojans of this classification generally attempt to perform unauthorized actions beneath the visible desktop environment. Because the file is unsigned, the operating system's native security mechanisms cannot verify its origin, allowing it to operate under the guise of a standard application.

Typical operational patterns for executables flagged under this detection include establishing persistence mechanisms to survive system reboots, modifying system configurations, or attempting to communicate with remote servers. Without a verified publisher, the executable operates with whatever privileges are granted to the user who launched it, potentially allowing it to alter system settings, interact with other processes, or facilitate the deployment of additional unauthorized payloads.

Symptoms of Infection

Identifying a Trojan.Agent.MPSO infection can be challenging because trojans are designed to operate quietly. However, users may notice several general indicators of compromise:

  • Unexpected system slowdowns or high resource usage when no visible applications are running.
  • Unrecognized processes appearing in the system task manager.
  • Unprompted modifications to system settings or the creation of new startup entries.
  • Unusual network activity or unexpected requests for network permissions.
  • Security software generating alerts regarding an unsigned executable attempting to run or make changes to the system.

How to Remove Trojan.Agent.MPSO

To effectively remove Trojan.Agent.MPSO from an affected system, users should follow a structured removal process to ensure all associated components are eliminated:

  1. Boot the computer into Safe Mode with Networking to limit the trojan's ability to execute and interfere with the removal process.
  2. Run a full system scan with a reputable anti-malware tool such as SpyHunter to detect and quarantine the unsigned executable and any related threats.
  3. Uninstall any suspicious or unrecognized programs from the system's control panel, particularly any software that may have been installed around the same time the detection occurred.
  4. Reset the Chrome, Firefox, and Edge browsers to default settings to clear any unauthorized extensions, search providers, or startup pages that the trojan may have introduced.
  5. Reboot the system normally and run a second scan with the anti-malware tool to confirm that the threat has been completely removed and no traces remain.

Conclusion

The detection of Trojan.Agent.MPSO serves as a reminder of the risks associated with executing unsigned Windows PE files. Because this threat lacks a valid digital signature, its origin and intent cannot be verified, making it a potential risk to system integrity and user privacy. By understanding how this executable operates and following a thorough removal process, users can effectively mitigate the threat. Maintaining a proactive security posture, including the use of reputable anti-malware tools and scrutinizing unsigned executables, remains essential for keeping systems secure.

Analysis Report

General information

Family Name: Trojan.Agent.MPSO
Signature status: No Signature

Known Samples

MD5: bc3a4c8f13b0c170f1adc72c30ece0df
SHA1: 84be87f8d82a95af36d19e0358102346a8dcd180
SHA256: 561E2EFEDE32AE7D5D31249373ACAB0CBDF83E5CA15CBF5989D1C09C80110DF2
File Size: 868.35 KB, 868352 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • HighEntropy
  • x64

Block Information

Total Blocks: 516
Potentially Malicious Blocks: 10
Whitelisted Blocks: 506
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 x 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.MPSO

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 �mtX �v �Z����(�*J1�1HO@V�G�IH[uH�p_�zb"hk�ql(�q�X{b��P����������m�����$�8წ���&M�=�SB1_T�Vw���%�������AE��D��&��$���L RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
Show More
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Trending

Most Viewed

Loading...