What is “Backdoor.MSIL.DCRat.qp”?

Backdoor.MSIL.DCRat.qp is Kaspersky's name for this sample. Most of the antivirus engines listed further down flag it, either as a DCRat backdoor or as an executable packed with Enigma Protector, which is consistent with a native PE32 stub that unpacks a .NET (MSIL) payload at run time. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you suspect it, scan the computer with GridinSoft Anti-Malware.


What can Backdoor.MSIL.DCRat.qp do?

Behaviours and static findings reported by the CAPE sandbox run of this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Anomalous binary characteristics

How to identify Backdoor.MSIL.DCRat.qp?

File Info:

name: 709CD39DB4DA89A3AB33.mlw
path: /opt/CAPEv2/storage/binaries/e4433050312b5d1002fbbadca0e840221ecbfb2e7b69f209bfdbcc4fe8944e78
crc32: B7331471
md5: 709cd39db4da89a3ab3361cf30581305
sha1: 09b8bd6478f6c4d09f316893eabe36bd856e6349
sha256: e4433050312b5d1002fbbadca0e840221ecbfb2e7b69f209bfdbcc4fe8944e78
sha512: 2a74083f7875e2e361ecff21999553f7bd85cedc476fc503565b8e1f3cbf04ea4b8d23132850a32c2b89aa66e3959f01566c33b56033c4e230d30faa57a8d9ef
ssdeep: 49152:2CY240223dwIA3OiM9XebWgoV0pDCXZZu4CmJ:2CY21223dz/FJV0xy3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1937533817789CE9CFF5D44389928B2928681722248BDB50005E6BE671F3137A7AD7CED
sha3_384: 14856483379622164fc1d5446291ff5231360819987f211064ed441cf7b7e2271be53ebf3653499c061d893291f6d09f
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2022-05-04 16:03:35

Version Info:

FileVersion: 5.15.2.0
OriginalFilename: libGLESv2.dll
ProductName: libGLESv2
ProductVersion: 5.15.2.0
Translation: 0x0409 0x04b0

Note the mismatch: the version resource claims the file is libGLESv2.dll, a legitimate graphics library, while the file itself is a 32-bit GUI executable. A spoofed version resource like this is an indicator in its own right.
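A standalone static triage script, added here as an example (not GridinSoft's or CAPE's code), that checks a file against the indicators above: the three hashes, the entry-point bytes, non-standard section names, high-entropy sections, sections that are both writable and executable, and a version resource that claims a .dll name for a file that is not a DLL. It walks the PE header with the standard library only. The `build_constructed_sample()` function assembles a small hand-made PE32 so the script runs offline; that file, its `.xpk0` section name and the 7.0-bit entropy threshold are constructed for illustration and are not properties of the real sample. A writable-plus-executable section header is only a static hint; CAPE's “Creates RWX memory” entry describes memory allocated at run time, which a static check cannot see.

```python
"""Static triage of a PE file against the indicators on this page (added example)."""
import hashlib
import math
import struct
from collections import Counter

# Indicators copied from the page's "File Info" / "Version Info" blocks.
KNOWN_HASHES = {
    "md5": "709cd39db4da89a3ab3361cf30581305",
    "sha1": "09b8bd6478f6c4d09f316893eabe36bd856e6349",
    "sha256": "e4433050312b5d1002fbbadca0e840221ecbfb2e7b69f209bfdbcc4fe8944e78",
}
KNOWN_EP_BYTES = bytes.fromhex("558bec83c4f0b800104000e801000000")
PAGE_VERSION_INFO = {"OriginalFilename": "libGLESv2.dll", "ProductName": "libGLESv2"}

# Section names a normal toolchain emits; anything else is a packing hint
# (the same idea as CAPE's "unknown PE section name" signature).
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / _WRITE
FILE_DLL = 0x2000                                  # IMAGE_FILE_DLL
ENTROPY_THRESHOLD = 7.0                            # assumed cut-off, bits per byte


def shannon_entropy(buf):
    """Bits per byte: 8.0 is uniform; compressed/encrypted data sits above ~7."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_pe(data):
    """Minimal PE header walk: returns (is_dll, entry_rva, section list)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, characteristics = struct.unpack_from("<HH", data, pe + 20)
    opt = pe + 24
    entry_rva, = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rptr": rptr, "rsize": rsize, "chars": chars})
    return bool(characteristics & FILE_DLL), entry_rva, sections


def rva_to_offset(rva, sections):
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return rva - s["vaddr"] + s["rptr"]
    return None


def triage(data, version_info=None):
    """Return a list of (indicator, detail) findings for one file image."""
    findings = []
    for alg, known in KNOWN_HASHES.items():
        if hashlib.new(alg, data).hexdigest() == known:
            findings.append(("hash-match", f"{alg} matches the sample on this page"))
    is_dll, entry_rva, sections = parse_pe(data)
    for s in sections:
        if s["name"] not in COMMON_SECTIONS:
            findings.append(("unknown-section-name", s["name"]))
        ent = shannon_entropy(data[s["rptr"]:s["rptr"] + s["rsize"]])
        if ent > ENTROPY_THRESHOLD:
            findings.append(("high-entropy-section", f"{s['name']} entropy={ent:.2f}"))
        if s["chars"] & SCN_EXECUTE and s["chars"] & SCN_WRITE:
            findings.append(("writable-executable-section", s["name"]))
    ep_off = rva_to_offset(entry_rva, sections)
    if ep_off is not None and data[ep_off:ep_off + 16] == KNOWN_EP_BYTES:
        findings.append(("ep-bytes-match", KNOWN_EP_BYTES.hex()))
    vi = version_info or {}
    if vi.get("OriginalFilename", "").lower().endswith(".dll") and not is_dll:
        findings.append(("version-info-mismatch", f"claims {vi['OriginalFilename']} but file is an EXE"))
    return findings


def build_constructed_sample():
    """Hand-built PE32 (constructed test data, not the real sample): a writable
    .text holding the page's entry-point bytes plus a high-entropy section with
    a non-standard name, mimicking a packer stub."""
    code = (KNOWN_EP_BYTES + b"\xc3").ljust(0x200, b"\0")
    blob, chunk = b"", b"constructed seed"
    while len(blob) < 0x1000:                  # deterministic pseudo-random filler
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    blob = blob[:0x1000]
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt_fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6
    opt = struct.pack(opt_fmt, 0x10B, 14, 0, len(code), len(blob), 0, 0x1000, 0x1000,
                      0x2000, 0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x400,
                      0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16).ljust(0xE0, b"\0")
    sect = "<8sIIIIIIHHI"
    text_hdr = struct.pack(sect, b".text", 0x1000, 0x1000, len(code), 0x400, 0, 0, 0, 0, 0xE0000020)
    pack_hdr = struct.pack(sect, b".xpk0", 0x1000, 0x2000, len(blob), 0x600, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + opt + text_hdr + pack_hdr).ljust(0x400, b"\0") + code + blob


if __name__ == "__main__":
    for kind, detail in triage(build_constructed_sample(), PAGE_VERSION_INFO):
        print(f"{kind:30} {detail}")
```

To run it against a real file, pass `open(path, "rb").read()` to `triage()`. On the constructed sample the hash checks stay silent while the structural checks fire, which is the point: hashes only catch this exact build, whereas the packer hints survive recompilation.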

Backdoor.MSIL.DCRat.qp also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.MSIL.DCRat.m!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen17.64791
MicroWorld-eScan: Trojan.GenericKD.49100981
FireEye: Generic.mg.709cd39db4da89a3
McAfee: Artemis!709CD39DB4DA
Cylance: Unsafe
Sangfor: [ASPACK 1.02B OR 1.08.03]
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Backdoor:MSIL/DCRat.0319ed88
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34712.Lz0@a4XUf5ei
Cyren: W32/ABRisk.LPES-2394
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Nanocore-9863301-0
Kaspersky: Backdoor.MSIL.DCRat.qp
BitDefender: Trojan.GenericKD.49100981
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.49100981
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.49100981 (B)
Ikarus: PUA.EnigmaProtector
GData: Win32.Backdoor.DCRat.YF8JSJ
Avira: BDS/Redcap.mwhkw
ViRobot: Trojan.Win32.Z.Enigmaprotector.1662976
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R492705
Acronis: suspicious
VBA32: Trojan.Zpevdo
ALYac: Trojan.GenericKD.49100981
Malwarebytes: Trojan.Dropper
APEX: Malicious
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
MAX: malware (ai score=81)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
Cybereason: malicious.db4da8

How to remove Backdoor.MSIL.DCRat.qp?

Backdoor.MSIL.DCRat.qp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want, then click “Reset”.
  • Restart your computer.

Because this is a remote-access backdoor, assume any passwords, tokens and sessions used on the machine while it was infected are exposed, and change them after the cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
