Backdoor.MSIL.Crysan.dhc (file analysis)

The Backdoor.MSIL.Crysan.dhc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.MSIL.Crysan.dhc virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine Backdoor.MSIL.Crysan.dhc?


File Info:
name: 3EE2FF8B43A78B26D5A0.mlw
path: /opt/CAPEv2/storage/binaries/b4c404305468bb0cf7e0ec138d63443bb517dfa6c66b4fe5d732f3ffa88e9f96
crc32: 578239FC
md5: 3ee2ff8b43a78b26d5a0d89c6ec82718
sha1: a934132377ce5f04050b57700ee230b44754f6ed
sha256: b4c404305468bb0cf7e0ec138d63443bb517dfa6c66b4fe5d732f3ffa88e9f96
sha512: 87be9d0ce11ccf10b6ce6e1649a5fe2c033d3c49ffc1ac7f2be1d84b30856612b7eb253434c1daf7fa25bc562b3e472a2253e7d2ad983ac6ad381cb28df6abce
ssdeep: 1536:1LlyWombONmk6qTzrk1T31XxUCB1Leqms9x1+hGhm8:15yWvS4PqTfk1T31XxVcqmsTHh7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ED24C9086B64C525C6991A76CE51C6B402142D4C3B61CE4F6BF43EAF3BBE6DB840B74B
sha3_384: a136c22b09eff76e7c32bdb8226d9bc84f6485766d30d2c2178f4de862f116f9d9ec86a8696097c3770e293d0eeb69f2
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-12-05 14:06:22

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.1
InternalName: you are an idiot.exe
LegalCopyright:  
OriginalFilename: you are an idiot.exe
ProductName: test bruh
ProductVersion: 0.0.0.1
Assembly Version: 0.0.0.1

Backdoor.MSIL.Crysan.dhc also known as:

Lionic	Trojan.MSIL.Crysan.m!c
MicroWorld-eScan	Trojan.GenericKD.38198197
McAfee	Artemis!3EE2FF8B43A7
Alibaba	Backdoor:MSIL/Crysan.db22c478
Cybereason	malicious.377ce5
Cyren	W32/MSIL_Kryptik.BWA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	Backdoor.MSIL.Crysan.dhc
BitDefender	Trojan.GenericKD.38198197
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.38198197
Sophos	Mal/Generic-R
TrendMicro	TROJ_GEN.R06BC0WL921
McAfee-GW-Edition	BehavesLike.Win32.Generic.dt
FireEye	Generic.mg.3ee2ff8b43a78b26
Emsisoft	Trojan.GenericKD.38198197 (B)
GData	Trojan.GenericKD.38198197
Jiangmin	Backdoor.MSIL.fibq
Webroot	W32.Trojan.Dropper
Arcabit	Trojan.Generic.D246DBB5
ViRobot	Trojan.Win32.Z.Agent.218112.QB
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.38198197
MAX	malware (ai score=84)
Malwarebytes	Backdoor.AsyncRAT
TrendMicro-HouseCall	TROJ_GEN.R06BC0WL921
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
BitDefenderTheta	Gen:NN.ZemsilF.34084.nm0@aCL8gdm
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A

How to remove Backdoor.MSIL.Crysan.dhc?

Backdoor.MSIL.Crysan.dhc removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X