About “Backdoor.MSIL.XCore.d” infection

The Backdoor.MSIL.XCore.d is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.MSIL.XCore.d virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Backdoor.MSIL.XCore.d?


File Info:
name: 5B12024760EF84CBE257.mlw
path: /opt/CAPEv2/storage/binaries/926a57171a61447e08a0afe3d3bb9651fa72277cf25ae922dfec8da98ce82304
crc32: 4AB45665
md5: 5b12024760ef84cbe2574de387ba4245
sha1: 874e9bf8815a8ccf23f665681c20228c742d1db2
sha256: 926a57171a61447e08a0afe3d3bb9651fa72277cf25ae922dfec8da98ce82304
sha512: 392743a05801326a4c8107e450eac08395fae6f796ffe699fc062f4152c3a0001cf0b55f63a9e169a7068d19fa25da8f20cff275c57e11c50029bbebb135dc63
ssdeep: 768:/zGN/vQ9hDaXTtM5lAimMQRngqBNhPpJRWTVo10+LtVDqis70r+6+nvEmxzFPzGL:LGNXWWtuEssJSo10+/qN70rLuzIL
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16573509C76A076DFC95BCC36CAA81D68EB60B477930B9207901716E8A94D9DBCF044F3
sha3_384: 21b3f3755b70b150141d0864f81b95404f33e88284d1ac62a5b558bf67bb5db4712c5f5a516015997370ebb1f140a038
ep_bytes: ff250020400000000000000000000000
timestamp: 2094-09-04 06:16:51

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Service
FileVersion: 1.0.0.0
InternalName: 
LegalCopyright: Copyright ©  2019
LegalTrademarks: 
OriginalFilename: 
ProductName: Service
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Backdoor.MSIL.XCore.d also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.604643
FireEye	Generic.mg.5b12024760ef84cb
Cylance	Unsafe
BitDefender	Gen:Variant.Razy.604643
BitDefenderTheta	Gen:NN.ZemsilF.34182.em0@aed6tpei
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.DEE
Kaspersky	HEUR:Backdoor.MSIL.XCore.d
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:bCAHT+cjbF+80MKr4emnnA)
Ad-Aware	Gen:Variant.Razy.604643
Emsisoft	Gen:Variant.Razy.604643 (B)
SentinelOne	Static AI – Malicious PE
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.MSIL.Agent
GData	Gen:Variant.Razy.604643
Jiangmin	Backdoor.MSIL.clum
Avira	HEUR/AGEN.1209552
ZoneAlarm	HEUR:Backdoor.MSIL.XCore.d
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.C3997796
ALYac	Gen:Variant.Razy.604643
MAX	malware (ai score=89)
Malwarebytes	Trojan.Agent.MSIL
APEX	Malicious
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.760ef8
Avast	Win32:BackdoorX-gen [Trj]

How to remove Backdoor.MSIL.XCore.d?

Backdoor.MSIL.XCore.d removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X