Backdoor

Backdoor.MSIL.DCRat.jh removal instruction

Malware Removal

The Backdoor.MSIL.DCRat.jh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.MSIL.DCRat.jh virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Chinese (Traditional)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Anomalous binary characteristics

How to determine Backdoor.MSIL.DCRat.jh?



File Info:

name: 8CA66EEA75DDC5390B5A.mlw
path: /opt/CAPEv2/storage/binaries/959ee53f72e7f04360b14ca177f1eca0e3553cecdd244ac6082f5b44a9d2afd9
crc32: 0560B7FB
md5: 8ca66eea75ddc5390b5a65c0a71e7191
sha1: 59882b372a884915bef850c914ae17bfac40da15
sha256: 959ee53f72e7f04360b14ca177f1eca0e3553cecdd244ac6082f5b44a9d2afd9
sha512: dbbf73c52eb50d1d4efb6ec7a74f229adf1c38cee64d74cc28ae8305a4632c6ce68904f4c6d399df608f26ac66c7b9c3fe2ad061d450876fee32de8cef609153
ssdeep: 24576:dA/T4nDJcU/RSKiKf0+HLpTwwfeYsZtzorVRmZWp9CBnBPbtxqMEXMV62PKN6:dWT4nDD/YKbXLpl1yA5HCvP6BX/W+6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ED75338CA8EF97DEF838EB7005BE62AB688B3DB1817709C71DB18421027777C5679419
sha3_384: fad6a8166e6954570e7c6a4cd1fb4ee373f0b5e4d5885f11d4cc57156f1c0f46175b2c773353e28568a23fe37bb773f9
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2022-04-21 14:53:38


Version Info:

CompanyName: 
FileDescription: 
FileVersion: 1.0.0.2
InternalName: ZipFolder.exe
LegalCopyright: Copyright (C) 2018
OriginalFilename: ZipFolder.exe
ProductName: VIVE Software
ProductVersion: 1.0.0.2
Translation: 0x0404 0x04b0

Backdoor.MSIL.DCRat.jh also known as:

BkavW32.AIDetect.malware2
LionicTrojan.MSIL.DcRat.m!c
tehtrisGeneric.Malware
CAT-QuickHealBackdoor.MSIL
McAfeeArtemis!8CA66EEA75DD
CylanceUnsafe
Sangfor[ASPACK 1.02B OR 1.08.03]
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderTrojan.GenericKD.50223334
K7GWRiskware ( 0040eff71 )
CrowdStrikewin/malicious_confidence_100% (W)
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Packed.EnigmaProtector.J suspicious
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyBackdoor.MSIL.DCRat.jh
AlibabaBackdoor:MSIL/DCRat.396b68ca
MicroWorld-eScanTrojan.GenericKD.50223334
RisingPUF.Pack-Enigma!1.BA33 (CLOUD)
Ad-AwareTrojan.GenericKD.50223334
EmsisoftTrojan.GenericKD.50223334 (B)
FireEyeGeneric.mg.8ca66eea75ddc539
SophosGeneric ML PUA (PUA)
IkarusPUA.Packed.Enigma
AviraHEUR/AGEN.1215880
MicrosoftBackdoor:Win32/Bladabindi!ml
ArcabitTrojan.Generic.D2FE58E6
GDataTrojan.GenericKD.50223334
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34638.Nz0@ayj5efab
ALYacTrojan.GenericKD.50223334
MAXmalware (ai score=88)
VBA32Trojan.Zpevdo
MalwarebytesBackdoor.DarkCrystal
TrendMicro-HouseCallTROJ_GEN.R002H07DT22
TencentMsil.Backdoor.Dcrat.Edxu
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.165414040.susgen
FortinetRiskware/Application
AVGWin32:Malware-gen
Cybereasonmalicious.72a884
AvastWin32:Malware-gen

How to remove Backdoor.MSIL.DCRat.jh?

Backdoor.MSIL.DCRat.jh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment