Backdoor

What is “Backdoor.MSIL.Crysan.bjy”?

Malware Removal

The Backdoor.MSIL.Crysan.bjy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Backdoor.MSIL.Crysan.bjy virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to determine Backdoor.MSIL.Crysan.bjy?


File Info:

name: 9BB082906EF5E6B0E64E.mlw
path: /opt/CAPEv2/storage/binaries/d664f97da227676bd8e9be3067e9ff103185e0281f93639de36a34fa6ace8fd8
crc32: 131556B4
md5: 9bb082906ef5e6b0e64e63837bf97782
sha1: d9ec0e151a671533dfe6f7960247632247bbce27
sha256: d664f97da227676bd8e9be3067e9ff103185e0281f93639de36a34fa6ace8fd8
sha512: 113045fceb367b1c7168710c660784772ce4a039cdc299b8d08ee85a66d91601f7ebf077dffb9224d75cbee2d12406d18ee2845e718063fb0704b47ea02627bf
ssdeep: 98304:Zviz/27qWGq/TzuqCDl2Ptao7jKZ5jgNT:Zviq75/TzufpZ6NT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11EF5334176CC042BC6B1137028FD23871FB9BCB352759B4EB0C5508E19674A5BABAFE6
sha3_384: b1b61b6b025cc8ce84130310733b7adf406280d0ed9d7341d05865341362dca62a80749dca32080bbd60d873fb94b7c7
ep_bytes: e800070000e9000000006a5868687240
timestamp: 2000-11-24 11:50:57

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Auto-extracteur de fichier CAB Win32
FileVersion: 11.00.19041.322 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. Tous droits réservés.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.19041.322
Translation: 0x040c 0x04b0

Backdoor.MSIL.Crysan.bjy also known as:

LionicTrojan.Win32.Stealer.trGK
MicroWorld-eScanTrojan.GenericKD.39630899
FireEyeGeneric.mg.9bb082906ef5e6b0
ALYacTrojan.Dropper.ZNM
CylanceUnsafe
SangforSuspicious.Win32.Strictor.243562
K7AntiVirusTrojan ( 00539f6a1 )
AlibabaBackdoor:MSIL/Crysan.b324bb75
K7GWTrojan ( 00539f6a1 )
Cybereasonmalicious.06ef5e
CyrenDropper.BJYT
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/TrojanDropper.Agent.RVE
APEXMalicious
AvastWin32:Trojan-gen
ClamAVWin.Malware.Generic-6895514-0
KasperskyBackdoor.MSIL.Crysan.bjy
BitDefenderTrojan.GenericKD.39630899
NANO-AntivirusTrojan.Win32.NanoBot.hzndlb
TencentWin32.Backdoor.Nanobot.Hwwe
SophosMal/Generic-S
ComodoMalware@#1k6vtoe0u788f
ZillyaDropper.Agent.Win32.436825
McAfee-GW-EditionBehavesLike.Win32.Dropper.wc
EmsisoftTrojan.GenericKD.39630899 (B)
Paloaltogeneric.ml
GDataTrojan.GenericKD.39630899
AviraTR/Drop.Agent.bmjxz
KingsoftWin32.Hack.Undef.(kcloud)
ArcabitTrojan.Generic.D25CB833
ViRobotTrojan.Win32.Z.Agent.3347456.B
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
McAfeeArtemis!9BB082906EF5
MAXmalware (ai score=82)
MalwarebytesGeneric.Trojan.Malicious.DDS
IkarusTrojan.Win32.Cab
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Agent.RVD!tr
AVGWin32:Trojan-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_90% (W)

How to remove Backdoor.MSIL.Crysan.bjy?

Backdoor.MSIL.Crysan.bjy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment