Backdoor.MSIL.Citrate.cw (file analysis)

The Backdoor.MSIL.Citrate.cw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.MSIL.Citrate.cw virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor.MSIL.Citrate.cw?


File Info:
name: 4649C880FA6EF9E6CFF7.mlw
path: /opt/CAPEv2/storage/binaries/54ef060a3158ba4fdca936d44de04807d567575d82d0b3e5187e87e726f0b49d
crc32: 1BEB1F19
md5: 4649c880fa6ef9e6cff7b4c75fba15c8
sha1: 0b55d2a48fc59f399dcb56cba854d527de778bcd
sha256: 54ef060a3158ba4fdca936d44de04807d567575d82d0b3e5187e87e726f0b49d
sha512: c8cc6886897b4f2ee848b296b01143dad8062c1eded0478013c6e56f14ba49f063c6713f4cb22d736c53dfb395385f25801e67cbd8265fbd1ca86218cf5b85b6
ssdeep: 384:tkqVphj/NST0DaSvvX06H+rc2tXs0lIQcc9aeRcpMQiW4zmkZXOfq1fKKZkLMhwZ:tBjFST01npH+rckctQXbOfq1PkgXKtP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FCF22918B7D8C12FF2EF4EB9799116602231F2BA1703D7C61DA916FEAA937004E11793
sha3_384: 6fc16706d9ebcc06959b2e094fcdd1916a3340017373cf341362e7044283f14ba62995e0237d8b26e327963e20940234
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-11-19 00:53:06

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: lime2.exe
LegalCopyright:  
OriginalFilename: lime2.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor.MSIL.Citrate.cw also known as:

Lionic	Trojan.Win32.Razy.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Trojan.GenericKD.38905553
FireEye	Generic.mg.4649c880fa6ef9e6
McAfee	RDN/Generic BackDoor
Cylance	Unsafe
Sangfor	Backdoor.MSIL.Citrate.cw
Alibaba	Backdoor:MSIL/Citrate.fb068535
BitDefenderTheta	Gen:NN.ZemsilF.34232.cm0@a4drgZb
Cyren	W32/Trojan.GPA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R002C0PB922
Paloalto	generic.ml
ClamAV	Win.Malware.Shelma-9937709-0
Kaspersky	Backdoor.MSIL.Citrate.cw
BitDefender	Trojan.GenericKD.38905553
NANO-Antivirus	Trojan.Win32.Citrate.icoebi
Avast	Win32:Malware-gen
Rising	Trojan.Kryptik!1.DB9C (CLASSIC)
Ad-Aware	Trojan.GenericKD.38905553
Sophos	Generic PUA AL (PUA)
TrendMicro	TROJ_GEN.R002C0PB922
McAfee-GW-Edition	BehavesLike.Win32.Trojan.nm
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKD.38905553 (B)
APEX	Malicious
GData	Trojan.GenericKD.38905553
Avira	BDS/Redcap.owccc
MAX	malware (ai score=80)
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.C4317955
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.38905553
Ikarus	Trojan.PowerShell.Crypt
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Citrate.CW!tr.bdr
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A

How to remove Backdoor.MSIL.Citrate.cw?

Backdoor.MSIL.Citrate.cw removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X