Backdoor.BoratRAT removal instruction

The Backdoor.BoratRAT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.BoratRAT virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine Backdoor.BoratRAT?


File Info:
name: 62BB54A78B24FA77DD2D.mlw
path: /opt/CAPEv2/storage/binaries/762768ab4b4552e0e29ccaf19f1105215c6b2a074791181f52e7280ec0ce6226
crc32: 9ED4E66D
md5: 62bb54a78b24fa77dd2d01eb39a04af0
sha1: da7a4bd4c02b1e84e803f07bf96fb3f2843cf8fe
sha256: 762768ab4b4552e0e29ccaf19f1105215c6b2a074791181f52e7280ec0ce6226
sha512: 5e45adaa3191b0bc09cc62a287410ec6c29cb517f9fecdeea4e92bc7f896671352b3eb54affc0afca103d8d46f2fd61569b87663bd25af12fa39969557def689
ssdeep: 768:kdiv4Kbwg2V+YV53fADYI1WQZWnqLMh0AoE7pwaambG4lROu07hXIMT:k+bwswqLzECafbX3H07pIMT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C433A043BA8859BD3EC5AB9A8F2535582B3F3632602E79E1CC451F60A177D74912EF3
sha3_384: ef129ab9b904ca02dc9e75ef371309b0d5ea25a9372bb35333c362c2e9b43538082e83c093f38b8556ed0b28c0fbe8e3
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-03-12 10:07:40

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.7.0
InternalName: Client.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: Client.exe
ProductName: 
ProductVersion: 1.0.7.0
Assembly Version: 1.0.7.0

Backdoor.BoratRAT also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.16844
CAT-QuickHeal	Backdoor.MsilFC.S27416918
ALYac	IL:Trojan.MSILZilla.16844
Malwarebytes	Backdoor.BoratRAT
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
BitDefenderTheta	Gen:NN.ZemsilF.34712.dm0@aiXrTof
Cyren	W32/Agent.IZGU-1384
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Agent.CTE
ClamAV	Win.Malware.Msilzilla-9949767-0
Kaspersky	HEUR:Backdoor.MSIL.AsyncRat.gen
BitDefender	IL:Trojan.MSILZilla.16844
Avast	Win32:BackdoorX-gen [Trj]
Ad-Aware	IL:Trojan.MSILZilla.16844
TACHYON	Backdoor/W32.DN-AsyncRat.57344
Emsisoft	IL:Trojan.MSILZilla.16844 (B)
DrWeb	BackDoor.AsyncRATNET.2
Zillya	Trojan.Agent.Win32.2739171
McAfee-GW-Edition	BehavesLike.Win32.Trojan.qm
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.62bb54a78b24fa77
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.MSIL.Agent
GData	IL:Trojan.MSILZilla.16844
Jiangmin	Backdoor.MSIL.fmrw
Avira	HEUR/AGEN.1202902
Arcabit	IL:Trojan.MSILZilla.D41CC
APEX	Malicious
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.MSILZilla.C5012937
Acronis	suspicious
McAfee	GenericRXSY-BE!62BB54A78B24
MAX	malware (ai score=85)
Rising	Trojan.Generic/MSIL@AI.90 (RDM.MSIL:pd1lBphzkzPj+pZ0R9sROQ)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.CTE!tr
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.4c02b1
Panda	Trj/GdSda.A

How to remove Backdoor.BoratRAT?

Backdoor.BoratRAT removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X