Categories: Backdoor

About “Backdoor.MSIL.NanoBot.aqsh” infection

The Backdoor.MSIL.NanoBot.aqsh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.NanoBot.aqsh virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
CAPE detected the NanoCore malware family
Creates a copy of itself
Creates known CypherIT/Frenchy Shellcode mutexes
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Backdoor.MSIL.NanoBot.aqsh?


File Info:
name: AFDCD1FBBCC896D421A2.mlwpath: /opt/CAPEv2/storage/binaries/c7bcd6bfb8874c0805b77dd4a6be020465280acfc2ae46b11cb226c72c50b89ecrc32: 71374211md5: afdcd1fbbcc896d421a29157fa8dbb4dsha1: 2e09c684e98e878a61b06fa35fc8a42046a66a2bsha256: c7bcd6bfb8874c0805b77dd4a6be020465280acfc2ae46b11cb226c72c50b89esha512: aa4a9f326f24909476c3e2856e4918437a1ec1bd4e9605723a57a35a48d1370ee55fa33e942d0c846c725d252f9649b4899bd331c661648fd32688c180612fb9ssdeep: 24576:GAHnh+eWsN3skA4RV1Hom2KXFmIawVBAB6p5losW2uFfJpQc5:hh+ZkldoPK1XaWG2C2Khttype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11055BE027792C036FEE6A2739F65F2465A7DBC690133C12F52983D78BD702B1276D262sha3_384: 033cea76438b37d72e20d7deb84849812bbd6bcb5ba692d6812e07f8632752d43bea5bb4174ea164f06bd234feacc8d9ep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2019-06-07 17:15:15
Version Info:
FileDescription: AppvClientEventLogOriginalFilename: RtDCpl64CompanyName: tsconFileVersion: 777.557.698.676LegalCopyright: PackagedCWALauncherProductName: appmgmtsProductVersion: 125.348.318.512Translation: 0x0409 0x04b0

Backdoor.MSIL.NanoBot.aqsh also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.MSIL.NanoBot.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.AutoIT.16
ClamAV	Win.Malware.Dskb-6936526-0
ALYac	Gen:Trojan.Heur.AutoIT.16
Cylance	Unsafe
VIPRE	Gen:Trojan.Heur.AutoIT.16
Sangfor	Virus.Win32.Save.a
K7AntiVirus	Trojan ( 0054ef461 )
Alibaba	Trojan:Win32/AutoitCrypt.180
K7GW	Trojan ( 0054ef461 )
Cybereason	malicious.bbcc89
Cyren	W32/AutoIt.QF.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Packed.AutoIt.QS
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.MSIL.NanoBot.aqsh
BitDefender	Gen:Trojan.Heur.AutoIT.16
NANO-Antivirus	Trojan.Win32.NanoBot.frezzx
Avast	AutoIt:Injector-JM [Trj]
Tencent	Msil.Backdoor.Nanobot.Bzlw
Ad-Aware	Gen:Trojan.Heur.AutoIT.16
Emsisoft	Gen:Trojan.Heur.AutoIT.16 (B)
DrWeb	Trojan.Nanocore.427
TrendMicro	Trojan.AutoIt.CRYPTINJECT.SMA
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.th
FireEye	Generic.mg.afdcd1fbbcc896d4
Sophos	Mal/Generic-S + Troj/NanoCo-OA
GData	Gen:Trojan.Heur.AutoIT.16
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1245455
Antiy-AVL	GrayWare/Autoit.DecData.a
Arcabit	Trojan.Heur.AutoIT.16
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Win-Trojan/AutoInj.Exp
Acronis	suspicious
McAfee	Artemis!AFDCD1FBBCC8
VBA32	Trojan.Autoit.F
Malwarebytes	Generic.Trojan.Injector.DDS
TrendMicro-HouseCall	Trojan.AutoIt.CRYPTINJECT.SMA
Rising	Trojan.Injector/Autoit!1.BB82 (CLASSIC)
Ikarus	Trojan.Win32.Autoit
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	AutoIt/Injector.EDB!tr
BitDefenderTheta	AI:Packer.53C124C417
AVG	AutoIt:Injector-JM [Trj]
Panda	Trj/CI.A