Categories: Backdoor

Backdoor.DCRat removal instruction

Backdoor.DCRat is flagged as malicious by a large number of antivirus vendors (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor.DCRat virus can do?

  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Backdoor.DCRat?

File Info:

crc32: DAFD4CF8
md5: df64af933dfaf7aa30570cc9239f9168
name: c9675be9896d63f4d3020729f4f2bddd854a7000.exe
sha1: 70f44dc2e7b918dea69ee962d01ce9b0da0b25b5
sha256: 98b13d8d760055f2471072c97e60ee6cc9cf8b3daab2765cbe29a64894b5a0b5
sha512: dc3a373544054bf7a24e4c6142446e4209595021aa650e7f0af4847b4b4b3e5c47c841a2a294e8db90a24ee799a1cefda1658e7b51e8294d5cbd58461561e344
ssdeep: 49152:2+XvFDhff7eSR6FKnp2AThMm30yLWdOnB1N1lj2sTiHeQAvN:jBtgnATl3zLWcnRj2s+AN
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]
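The hashes and related domains above are the indicators a practitioner would actually check a suspicious file against. The script below is an added example written for this page; it is not GridinSoft's tooling and is not code from the sample. It copies the md5/sha1/sha256 and the two related domains from the sections above, hashes a file, reports whether any digest matches the analysed sample, looks for the byte markers UPX leaves in a packed binary (section names UPX0/UPX1/UPX2 and the "UPX!" tag), and lists which of the page's domains appear as plain strings in the file. The SAMPLE buffer is constructed for the demonstration and is not the real binary.

```python
import hashlib
import re

# Indicators copied from the File Info and Related domains sections of this page.
PAGE_HASHES = {
    "md5": "df64af933dfaf7aa30570cc9239f9168",
    "sha1": "70f44dc2e7b918dea69ee962d01ce9b0da0b25b5",
    "sha256": "98b13d8d760055f2471072c97e60ee6cc9cf8b3daab2765cbe29a64894b5a0b5",
}
PAGE_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}

# Byte strings the UPX packer leaves behind: its section names and header tag.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX2", b"UPX!")

# Loose matcher for host names embedded as printable strings.
DOMAIN_RE = re.compile(rb"[a-z0-9.-]+\.[a-z]{2,}", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Return lower-case hex md5/sha1/sha256 of a buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file on disk (reads it fully; fine for typical sample sizes)."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def matches_page_sample(hashes: dict) -> bool:
    """True when any supplied digest equals the one listed for this sample."""
    return any(hashes.get(algo, "").lower() == digest
               for algo, digest in PAGE_HASHES.items())


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic only: a repacked or stripped build may not carry these markers."""
    return any(marker in data for marker in UPX_MARKERS)


def related_domains_in(data: bytes) -> set:
    """Which of the page's related domains occur as strings in the buffer."""
    found = {m.group(0).decode("ascii", "replace").lower()
             for m in DOMAIN_RE.finditer(data)}
    return found & PAGE_DOMAINS


def triage(data: bytes) -> dict:
    """One-shot verdict structure for a file's contents."""
    hashes = hash_bytes(data)
    return {
        "hashes": hashes,
        "hash_match": matches_page_sample(hashes),
        "upx_packed": looks_upx_packed(data),
        "domains": sorted(related_domains_in(data)),
    }


# Constructed stand-in: a fake MZ header plus UPX markers and one of the
# page's domains, so the checks can be exercised without the real malware.
SAMPLE = (b"MZ" + b"\x00" * 62
          + b"UPX0\x00UPX1\x00"
          + b"http://z.whorecord.xyz/gate\x00"
          + b"UPX!")

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspicious.exe`; with no argument it triages the constructed buffer. A hash match is conclusive for this exact build only: the same RAT repacked, or rebuilt with a different config, produces different digests, so a miss on the hashes does not clear a file. The UPX marker and domain checks are cheap corroborating signals, not a detection on their own.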

Backdoor.DCRat also known as:

MicroWorld-eScan Trojan.GenericKD.32993287
FireEye Generic.mg.df64af933dfaf7aa
CAT-QuickHeal Trojan.Wacatac
McAfee GenericRXJO-BH!DF64AF933DFA
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Generic.lXNp
Sangfor Malware
K7AntiVirus Trojan ( 0054f7ba1 )
BitDefender Trojan.GenericKD.32993287
K7GW Trojan ( 0054f7ba1 )
Cybereason malicious.33dfaf
TrendMicro TROJ_GEN.R002C0WAS20
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Rasftuby-7369445-0
GData Trojan.GenericKD.32993287
Kaspersky Trojan.Win32.Vasal.akk
Alibaba Trojan:Win32/Vasal.0e6058f0
Tencent Win32.Trojan.Vasal.Wugy
Endgame malicious (high confidence)
Emsisoft Trojan.GenericKD.32993287 (B)
Comodo Packed.Win32.MUPX.Gen@24tbus
F-Secure Heuristic.HEUR/AGEN.1041002
DrWeb Trojan.PWS.Stealer.27916
Zillya Trojan.Vasal.Win32.23
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.PUPXDE.vc
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
Ikarus Trojan.Rasftuby
Cyren W32/Trojan.OANE-8344
Avira HEUR/AGEN.1041002
MAX malware (ai score=81)
Arcabit Trojan.Generic.D1F77007
ZoneAlarm Trojan.Win32.Vasal.akk
Microsoft Trojan:Win32/Occamy.C
AhnLab-V3 Dropper/Win32.RL_Agent.R266317
Acronis suspicious
VBA32 Trojan.Vasal
ALYac Trojan.GenericKD.32993287
Ad-Aware Trojan.GenericKD.32993287
Malwarebytes Backdoor.DCRat
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Packed.Enigma.CC
TrendMicro-HouseCall TROJ_GEN.R002C0WAS20
eGambit Unsafe.AI_Score_100%
Fortinet W32/Enigma.CC!tr
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Generic/HEUR/QVM11.1.D58F.Malware.Gen

How to remove Backdoor.DCRat?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
