Categories: Backdoor

Backdoor.MSIL.Agent.GD information

The Backdoor.MSIL.Agent.GD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.Agent.GD virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to remove evidence of file being downloaded from the Internet
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Nanocore RAT
Creates a hidden or system file
Creates a copy of itself
Collects information to fingerprint the system

Related domains:

mafianclub222.dynu.com

redirector.gvt1.com

r5—sn-4g5ednsd.gvt1.com

How to determine Backdoor.MSIL.Agent.GD?


File Info:
crc32: B2EE4690md5: fa00b43bb6f875f298aee36d1f470d04name: nanobles.exesha1: 247c66eb734493a5ec66a352f11a2105e161cac0sha256: d0a96988300e4c6372326a6472b6c3a963cde093cd53c89880d87978d9e6c322sha512: 4d1a99e82541cd1dc90190022b8aae00d3b4f8d53d4f5118e268ad16513f99d9db0440970a34042eed0dbe7a42fd8a413e631c29e9e6d7be349b5031fa6ea9e0ssdeep: 6144:sLV6Bta6dtJmakIM5BcKVF+V2r4BZBVO87Wx:sLV6BtpmkW/+3BZd7Wxtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
0: [No Data]

Backdoor.MSIL.Agent.GD also known as:

Bkav	W32.DropperFraudropK.Trojan
MicroWorld-eScan	Backdoor.MSIL.Agent.GD
FireEye	Generic.mg.fa00b43bb6f875f2
CAT-QuickHeal	Trojan.Orbus.C3
McAfee	Trojan-FICC!FA00B43BB6F8
Malwarebytes	Backdoor.NanoCore
Sangfor	Malware
K7AntiVirus	Trojan ( 700000121 )
BitDefender	Backdoor.MSIL.Agent.GD
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (D)
Invincea	heuristic
F-Prot	W32/NanoCore.C.gen!Eldorado
Symantec	Trojan.Nancrat
APEX	Malicious
Avast	MSIL:NanoCore-B [Trj]
ClamAV	Win.Trojan.Nanocore-5
GData	MSIL.Backdoor.Nancat.A
Kaspersky	Trojan.MSIL.Agent.fpar
NANO-Antivirus	Trojan.Win32.Dwn.edxxmu
ViRobot	Backdoor.Win32.NanoCore.Gen.A
Rising	Backdoor.NanoCore!1.B6F9 (CLASSIC)
Ad-Aware	Backdoor.MSIL.Agent.GD
Sophos	Troj/NanoCor-BT
Comodo	Backdoor.MSIL.Noancooe.JDE@5s4u9t
F-Secure	Trojan.TR/Dropper.MSIL.Gen7
DrWeb	Trojan.Nanocore.23
VIPRE	Trojan.MSIL.NanoCore.B (fs)
TrendMicro	BKDR_NOANCOOE.SM
McAfee-GW-Edition	BehavesLike.Win32.PUPXBZ.dc
Emsisoft	Backdoor.MSIL.Agent.GD (B)
Ikarus	Backdoor.Rat.Nanocore
Cyren	W32/NanoCore.C.gen!Eldorado
Jiangmin	Backdoor.Generic.zwu
MaxSecure	Trojan.Malware.300983.susgen
Avira	TR/Dropper.MSIL.Gen7
MAX	malware (ai score=80)
Endgame	malicious (high confidence)
Arcabit	Backdoor.MSIL.Agent.GD
SUPERAntiSpyware	Backdoor.Nanocore/Variant
ZoneAlarm	Trojan.MSIL.Agent.fpar
Microsoft	Backdoor:MSIL/Noancooe.A
AhnLab-V3	Win-Trojan/Nanocore.Exp
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.33558.mmW@aOOCDsd
ALYac	Backdoor.MSIL.Agent.GD
TACHYON	Backdoor/W32.DN-Nanocore.207872
VBA32	TScope.Trojan.MSIL
Cylance	Unsafe
Panda	Bck/Agent.KNM
Zoner	Trojan.Win32.48280
ESET-NOD32	MSIL/NanoCore.E
TrendMicro-HouseCall	BKDR_NOANCOOE.SM
SentinelOne	DFI – Malicious PE
eGambit	Trojan.Generic
Fortinet	W32/Generic.AC.A0C!tr
AVG	MSIL:NanoCore-B [Trj]
Cybereason	malicious.bb6f87
Paloalto	generic.ml
Qihoo-360	HEUR/QVM03.0.2569.Malware.Gen