Backdoor.RevengeRAT.MSIL (file analysis)

Backdoor.RevengeRAT.MSIL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.RevengeRAT.MSIL virus do?

  • Creates RWX memory
  • Drops a binary and executes it
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
imaneblueyesvpn.ddns.net
a.tomx.xyz

How to identify Backdoor.RevengeRAT.MSIL?

File Info:

crc32: FF43FB5D
md5: 759e1216fa75f7fca3bc7c84094ca531
name: Client.jpeg
sha1: 399e938b13613873c3f50759ce9386a38968ca3f
sha256: d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
sha512: 7bb0bbe4033b966978c4a621822b40184e0a63748151cdfe50fb7d659c74dedae8c9e8fd142e1aaf495c23556683173b70ba65e4af14ebac44c6fa787fa66917
ssdeep: 192:KVXnf10lFOr1QRoTGe6ZLuM5UYBiVoo/MIPwdcvnbB+jR9nsVVIEytLu2s2:KVOztRo56Z7oEIPJvnbisVKEytLu2s2
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

0: [No Data]

Backdoor.RevengeRAT.MSIL also known as:

DrWeb: BackDoor.RevetRat.2
MicroWorld-eScan: Gen:Variant.Razy.478777
FireEye: Generic.mg.759e1216fa75f7fc
CAT-QuickHeal: Trojan.MsilFC.S6060625
ALYac: Gen:Variant.Razy.478777
Malwarebytes: Backdoor.RevengeRAT.MSIL
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Gen:Variant.Razy.478777
K7GW: Trojan ( 700000121 )
Cybereason: malicious.6fa75f
TrendMicro: BKDR_REVET.SM
BitDefenderTheta: Gen:NN.ZemsilF.34106.biW@aSwSeSn
Cyren: W32/Revetrat.A.gen!Eldorado
TrendMicro-HouseCall: BKDR_REVET.SM
ClamAV: Win.Trojan.RevengeRat-6344273-0
GData: MSIL.Backdoor.RevengeRAT.B
Kaspersky: HEUR:Trojan.Win32.RRAT.gen
Tencent: Win32.Trojan.Rrat.Ahys
Ad-Aware: Gen:Variant.Razy.478777
Sophos: Mal/Revet-A
Comodo: TrojWare.MSIL.Revetrat.A@7osjcj
F-Secure: Trojan.TR/ATRAPS.Gen
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.lm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Razy.478777 (B)
F-Prot: W32/Revetrat.A.gen!Eldorado
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Win32.RRAT
Endgame: malicious (high confidence)
Arcabit: Trojan.Razy.D74E39
ZoneAlarm: HEUR:Trojan.Win32.RRAT.gen
Microsoft: Backdoor:MSIL/RevengeRat.GA!MTB
AhnLab-V3: Trojan/Win32.RL_Generic.C3444213
Acronis: suspicious
McAfee: GenericRXEK-KS!759E1216FA75
MAX: malware (ai score=83)
VBA32: TScope.Trojan.MSIL
Panda: Trj/GdSda.A
APEX: Malicious
ESET-NOD32: a variant of MSIL/Agent.APN
Rising: Backdoor.Revetrat!1.B8DA (CLASSIC)
Yandex: Trojan.Agent!kvDQ+RgVNIs
SentinelOne: DFI – Malicious PE
eGambit: Trojan.Generic
Fortinet: MSIL/RevengeRat.APN!tr
AVG: Win32:MalwareX-gen [Trj]
Avast: Win32:MalwareX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM03.0.A9CF.Malware.Gen

How to remove Backdoor.RevengeRAT.MSIL?

Backdoor.RevengeRAT.MSIL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
