Backdoor.ArrowRAT.MSIL removal tips

The Backdoor.ArrowRAT.MSIL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.ArrowRAT.MSIL virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Mimics icon used for popular non-executable file format

How to determine Backdoor.ArrowRAT.MSIL?


File Info:
name: 845C9FC84813A1FE9390.mlw
path: /opt/CAPEv2/storage/binaries/cc2587c523d7b02c15f53dc1e13eb0bd6458d52e5179f4e5a369734bbf5e1e14
crc32: 8732B1DE
md5: 845c9fc84813a1fe93908ac3c4ef6f46
sha1: d49267ccff3afd35b0d5d9c7181db79c785bef8b
sha256: cc2587c523d7b02c15f53dc1e13eb0bd6458d52e5179f4e5a369734bbf5e1e14
sha512: d30fd83d78e595087728c5f0dbceebffda1b3273c5f0c984a8f7b3be7a0814e70559f9ba4aa23bcf2f945720d26f54fe2f8ebc0ff6e795ed907a1cd11b91bd8f
ssdeep: 12288:uRfOFqeWcoc+XU1FgNgyd0GztgJQ4PRtcfdJ1W302E12:ulOFXKIGOJQ4LEhWNB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13CF4CF2377986F97C67EB2768164AA0023F2F5C72211CA5E7DF402C865F3F825F2561A
sha3_384: e8e09d3a2876c66a333d7f4ad7688cc0b6533cf2e2709bfdc707742d363220ffbe47120f63a09844c12447fa9a375933
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-06 04:42:04

Version Info:
Translation: 0x0000 0x04b0
Comments:  
CompanyName:  
FileDescription:  
FileVersion: 1.0.1508.40811
InternalName: listen.exe
LegalCopyright:  
LegalTrademarks:  
OriginalFilename: listen.exe
ProductName:  
ProductVersion: 1.0.1508.40811
Assembly Version: 1.0.1508.40811

Backdoor.ArrowRAT.MSIL also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.135694
Sangfor	Suspicious.Win32.Save.a
BitDefender	Gen:Variant.Tedy.135694
Cybereason	malicious.cff3af
BitDefenderTheta	Gen:NN.ZemsilF.34712.Tm0@auHwm9p
Cyren	W32/MSIL_Kryptik.HEU.gen!Eldorado
ESET-NOD32	a variant of MSIL/Kryptik.AFII
TrendMicro-HouseCall	TROJ_GEN.R06CH0CF622
Paloalto	generic.ml
Kaspersky	UDS:Trojan-Spy.Win32.Noon.bcve
Rising	Trojan.Generic/MSIL@AI.93 (RDM.MSIL:EcIxpiW/wyglbiHzMJvLSg)
Ad-Aware	Gen:Variant.Tedy.135694
McAfee-GW-Edition	BehavesLike.Win32.Fareit.bh
FireEye	Generic.mg.845c9fc84813a1fe
Ikarus	Trojan.MSIL.Crypt
GData	Gen:Variant.Tedy.135694
Avira	HEUR/AGEN.1221841
MAX	malware (ai score=83)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!845C9FC84813
Malwarebytes	Backdoor.ArrowRAT.MSIL
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
AVG	Win32:SpywareX-gen [Trj]
Avast	Win32:SpywareX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor.ArrowRAT.MSIL?

Backdoor.ArrowRAT.MSIL removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X